Cinder ignores reader role conventions in default policies
Bug #1917795 reported by Lance Bragstad
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Cinder | New | Medium | Unassigned |
Bug Description
In keystone, if I grant someone the reader role on a project [0], they're able to make writable changes in cinder.
Opening this bug to track work for cinder to consume keystone's default read-only `reader` role.
[0] $ openstack --os-cloud devstack-
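
The gap this report describes, as an added example (not code from the bug report, Cinder or oslo.policy): a simplified check-string evaluator compares an ownership-only rule with role-aware rules for a token that holds only `reader`. The `LEGACY` and `ROLE_AWARE` strings, the two actions chosen and the sample token are assumptions made for illustration.

```python
import re

# Assumed legacy-style rule: project ownership suffices, roles are ignored.
LEGACY = ("is_admin:True or (role:admin and is_admin_project:True) "
          "or project_id:%(project_id)s")
# Illustrative role-aware rules: reads need reader, writes need member.
ROLE_AWARE = {
    "volume:get": "role:reader and project_id:%(project_id)s",
    "volume:delete": "role:member and project_id:%(project_id)s",
}
# keystone's default implied roles: admin implies member implies reader.
IMPLIED = {"admin": {"admin", "member", "reader"},
           "member": {"member", "reader"}}
TOKEN = re.compile(r"\(|\)|\w+:(?:%\(\w+\)s|\w+)|and|or")
# Constructed sample: token scoped to project p1 holding only reader.
READER_TOKEN = {"roles": ["reader"], "project_id": "p1", "is_admin": False}


def atom(check, creds, target):
    kind, _, match = check.partition(":")
    match = match % target  # fill %(project_id)s from the target resource
    if kind == "role":
        held = set().union(*(IMPLIED.get(r, {r}) for r in creds["roles"]))
        return match in held
    return str(creds.get(kind)) == match


def authorize(rule, creds, target):
    """Evaluate a simplified check string: atoms, and/or, parentheses."""
    toks = TOKEN.findall(rule)
    def term(i):
        if toks[i] == "(":
            val, i = chain(i + 1, "or")
            return val, i + 1  # step over ")"
        return atom(toks[i], creds, target), i + 1
    def chain(i, op):  # "or" binds looser than "and"
        sub = term if op == "and" else (lambda j: chain(j, "and"))
        val, i = sub(i)
        while i < len(toks) and toks[i] == op:
            rhs, i = sub(i + 1)
            val = (val and rhs) if op == "and" else (val or rhs)
        return val, i
    return chain(0, "or")[0]


def compare(creds, target):
    """Per action: (LEGACY decision, ROLE_AWARE decision)."""
    return {a: (authorize(LEGACY, creds, target), authorize(r, creds, target))
            for a, r in ROLE_AWARE.items()}
```

`compare(READER_TOKEN, {"project_id": "p1"})` gives `(True, False)` for `volume:delete`: the ownership-only rule lets the reader delete, the role-aware rule does not.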
Changed in cinder:
importance: Undecided → Medium
tags: added: keystone rbac reader role
Change abandoned by "Luigi Toscano <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/778357
Reason: The scope of protection/RBAC test changed a bit over time, and other changes addressed and will address the use case of this review in a slightly different way. See for example https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/878672 and other related changes