v2 has been deprecated. v3 provides much finer RBAC control and should
be used for just this reason.
** Changed in: keystone
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1350879
Title:
Keystone V2 API does not use the policy.json for RBAC
Status in OpenStack Identity (keystone):
Won't Fix
Bug description:
The Keystone V2 API does not allow for granular editing of the RBAC rules.
For example, allowing members of a project to list the API endpoints.
In other OpenStack projects this is done through the policy.json file,
and the Keystone V3 API uses this file to determine RBAC.
I would propose that Keystone V2 API use this policy for at least
listing the API endpoints. This information is already visible through
the dashboard to any member of a project. This will allow for users to
optionally allow non-admin API access to list the API endpoints.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1350879/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
