I think you have to define rule as below "domain-admin": "role:domain_admin and domain_id:%(target.domain.domain_id)s"
Associate this rule with APIS which you want to scope to domain admin. Try and let us know. Arvind -----Original Message----- From: boun...@canonical.com [mailto:boun...@canonical.com] On Behalf Of Telles Mota Vidal Nóbrega Sent: Thursday, January 16, 2014 6:30 AM To: Tiwari, Arvind Subject: Domain ID in Policy_dict Hi, i'm working on some new features for openstack and this merge that you submitted https://review.openstack.org/#/c/50488/ does most of what I need. I updated the code here but I couldn't make it work, my idea is to create a role called domain_admin, to check this we would need to check if the user is admin and is owner of the domain and for that we would need the domain_id t o be checked at the policy.json which by the examples you posted works. Unfortunetly I wasn't able to do so, can you help me out, give me some tips on how to get this working? Thanks -- This message was sent from Launchpad by =?utf-8?q?Telles_Mota_Vidal_N=C3=B3brega?= (https://launchpad.net/~tellesmvn) using the "Contact this user" link on your profile page (https://launchpad.net/~arvind-tiwari). For more information see https://help.launchpad.net/YourAccount/ContactingPeople _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev