Thanks yaguang, I'll give a try. On Sat, Oct 21, 2017 at 11:26:05AM +0800, Yaguang Tang wrote: > you can archive what you want by modifying the policy.json of Nova and other > projects to define readonly role, and create that role in keystone, then > assign to users you want. > > On Thu, Oct 19, 2017 at 3:15 PM, Chengwei Yang <[email protected]> > wrote: > > Hi list, > > As I understand, keystone only defined two roles: > > - admin > - non-admin, but can be any role name you want, role1, role2, user, > _member_, whatever > > say there are quite few people in the same project, so far, the users > assigned with the same role has exactly the same right to a project. > > Is it possible to create a role with read-only capabilities with all > resources in a project? > > If so, any hints? > > In addition, I'd like to create a role which isn't admin but can manage > projects(create project, delete his project, manage project members and > etc.) > > thanks in advance! > > -- > Thanks, > Chengwei > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > > > -- > Tang Yaguang > > > > SECURITY NOTE: file ~/.netrc must not be accessible by others
-- Thanks, Chengwei
signature.asc
Description: PGP signature
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
