Can't create both inherited and direct role assignment on same entities
Bug #1403539 reported by
Samuel de Medeiros Queiroz
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Samuel de Medeiros Queiroz |
Bug Description
This bug applies to backend SQL, since it is the only that supports inherited role assignments.
Given a role assignment (actor_id, target_id, role_id, inherited), it should be possible to grant it as both direct and inherited:
- (actor_id, target_id, role_id, inherited=False)
- (actor_id, target_id, role_id, inherited=True)
Currently, it isn't possible since the RoleAssignment table constraint does not include inherited column as primary key [1].
This bug affects inherited functionality on both domains and projects.
[1] https:/
Changed in keystone: | |
assignee: | nobody → Samuel de Medeiros Queiroz (samuel-z) |
Changed in keystone: | |
milestone: | none → kilo-rc1 |
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
assignee: | Samuel de Medeiros Queiroz (samueldmq) → Morgan Fainberg (mdrnstm) |
Changed in keystone: | |
assignee: | Morgan Fainberg (mdrnstm) → Samuel de Medeiros Queiroz (samueldmq) |
Changed in keystone: | |
milestone: | kilo-rc1 → liberty-1 |
tags: | added: kilo-backport-potential |
tags: |
added: kilo-rc-potential removed: kilo-backport-potential |
tags: | removed: kilo-rc-potential |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | liberty-1 → 8.0.0 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/142472
Review: https:/