On 07-Nov 11:16, Sameer Kumar wrote:
> 
> I have following questions:
> 
> 
> 1.     Can I assign a role defined in another domain to particular
> user belonging to a different project & domain? How to achieve this in
> Mitaka? For example can Bob be assigned to a member role in PRJ_B1 of
> Domain B while he originally belongs to PRJ_A1 of Domain A?

You should be able to use the CLI to do this. I'm not sure about how it
can be done in horizon. Example command:

  openstack role add --user user_in_domainA --user-domain domainA --project 
project_in_domainB Member 

You example data seems to have already done this. Ben and John (from
domainB) have the member role on a project in domainA. Is this causing
you trouble?


> 
> 2.     Is there a way to create “Security Group” rules for an instance
> and define policies associated to user and his role in a project? For
> example, I want to allow certain users to use ssh and sftp
> functionalities on an instance but deny these access to other users?
> If not, is there any alternate to achieve the same.
> 
> 
> 3.     Can a user with admin role modify a shared network of project
> defined in another domain? For example can Bob (admin role in PRJ_A1
> and Domain A) modify/delete ports on network NET_3 which belongs to a
> PRJ_B1 of domain B?

I don't really know the answer to this, but I suspect that it depends on
the policy you have in place. What does your policy look like for those
operations?


-- 
david stanek
web: http://www.dstanek.com
blog: http://www.traceback.org

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Reply via email to