How to restrict adding users in projects from different domains/regions ?
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned |
Bug Description
Hi Team,
I able to add users or Technical users in projects from different domains, i dont think this is a default feature ? or is it ? if yes, can we restrict users from being added from different domains/regions ?
The keystone policy.json is present here https:/
The command used to add users from different domain is :
openstack role add --project <project_id> --user <user_id> <role_id>
Do we need to harden the policy wrt :
"identity:
or
"identity:
Debug logs show : HTTP PUT is being used:
PUT call to identity for <AUTH_URL>
Regards,
Rajiv
any update here ?