On Wed, May 27, 2015 at 10:37:13AM +0000, [email protected] wrote: > Hi, > > When I run the command 'heat stack-list -g' as an 'admin' user, I get > unauthorized. Heat policy.json says "stacks:global_index": > "rule:deny_everybody". How can I make this work?
You'll have to modify the rule in policy.json, it's deliberately disabled by default due to the potential for misuse, particularly give this long-standing keystone bug[1] If you're prepared for any admin in any project to have global visibility of all stacks, you could just s/deny_everybody/context_is_admin on that line. A potentially more secure solution for real deployments would be to create a new role which is only given to operator/service admins who you want to grant global list access to. [1] https://bugs.launchpad.net/keystone/+bug/968696 _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
