Answering my own question. Looks like this will walk me through exactly what I want: http://adam.younglogic.com/2013/11/policy-enforcement-openstack/
/Craig J On 6/13/14 11:45 AM, "Craig Jellick" <[email protected]> wrote: >We use AD as the identity backend and MySQL as the assignment backend, >but I don't see how the backends would affect what I would want to do. > >Sent from my iPhone > >> On Jun 13, 2014, at 11:22 AM, "gustavo panizzo <gfa>" >><[email protected]> wrote: >> >>> On 06/13/2014 02:57 PM, Craig Jellick wrote: >>> Has anyone setup a "project admin" rule for keystone? >>> Let me explain what I mean by that rule to be clear: >>> it should allow a user to add and remove other users to projects to >>> */which he belongs/*. Meaning, as a project admin for project foo, I >>> should be able to add/remove users to project foo, but not to project >>> bar, because I'm not a project admin for project bar. >> >> it could be easily do if you use ldap as your backend, >> >> sorry if being Off Topic >> >> >> -- >> 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 > >_______________________________________________ >Mailing list: >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >Post to : [email protected] >Unsubscribe : >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
