Public bug reported: I'm hoping that my cloud will soon be able to adopt the new default scoped role model documented at
https://docs.openstack.org/keystone/latest/admin/service-api- protection.html That document is good about detailing which roles can read and view existing role assignments, but I can't tell which users can or can't assign new roles. For example, if I give a user the admin role in a project, can that user add additional users to that project? ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1924790 Title: default role documentation: who can assign roles? Status in OpenStack Identity (keystone): New Bug description: I'm hoping that my cloud will soon be able to adopt the new default scoped role model documented at https://docs.openstack.org/keystone/latest/admin/service-api- protection.html That document is good about detailing which roles can read and view existing role assignments, but I can't tell which users can or can't assign new roles. For example, if I give a user the admin role in a project, can that user add additional users to that project? To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1924790/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
