Comment 4 for bug 1010547

Joseph Heck (heckj) wrote : Re: Admin rights escalate to other tenants (was: glance allows to delete arbitrary images)

While I agree this should be fixed, it's not a security bug but rather how the initial version of authorization was implemented.

In the Diablo and Essex releases of OpenStack, Admin was effectively global and not per-tenant or per-service. That's the entire reason for adding domains to Keystone, and behind the idea of unifying the role names (which are installation-global) to match up with local service policy.json files (i.e. moving to "nova-admin", "glance-admin", etc. instead of a single "admin").

If you want a role that's a global admin, you can still use "admin" and create associated policy.json files that respect that identifier.
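The difference between an installation-global "admin" role and a service-specific role plus an owner check, shown as an added example that is not part of this bug report, of Joseph Heck's comment, or of OpenStack's own policy engine. The evaluator below is a deliberately simplified, constructed reimplementation of the Essex-era policy.json shape (a rule maps to a list of alternatives, each alternative a list of checks that must all hold); the rule names, the "glance-admin" role, the sample credentials and the sample image are assumptions made for illustration only.

```python
# Constructed, simplified policy evaluator for illustration. Not the
# openstack.common.policy module that Glance/Nova actually ship.
from __future__ import annotations

from typing import Dict, List

# Essex-era policy.json shape: rule -> list of alternatives, each alternative
# a list of checks that must all pass ("OR of ANDs").
Policy = Dict[str, List[List[str]]]

# Weak setting (the behaviour the bug describes): one installation-global
# "admin" role satisfies the rule regardless of which tenant owns the image.
GLOBAL_ADMIN_POLICY: Policy = {
    "admin_or_owner": [["role:admin"], ["tenant_id:%(tenant_id)s"]],
    "delete_image": [["rule:admin_or_owner"]],
}

# Corrected setting: Glance honours a service-specific role (assumed name
# "glance-admin") and otherwise insists that the caller's tenant owns the image.
SERVICE_ADMIN_POLICY: Policy = {
    "glance_admin_or_owner": [["role:glance-admin"], ["tenant_id:%(tenant_id)s"]],
    "delete_image": [["rule:glance_admin_or_owner"]],
}


def _check(check: str, target: dict, creds: dict, policy: Policy) -> bool:
    """Evaluate one 'kind:value' check against the target and the caller's credentials."""
    kind, _, value = check.partition(":")
    if kind == "role":
        # role checks look at the caller's roles only, never at the target
        return value in creds.get("roles", [])
    if kind == "rule":
        # indirection to another named rule in the same policy
        return enforce(value, target, creds, policy)
    # generic comparison: "key:%(key)s" compares creds[key] with target[key]
    try:
        return str(creds.get(kind)) == value % target
    except KeyError:
        # target lacks the attribute the rule refers to: fail closed
        return False


def enforce(rule: str, target: dict, creds: dict, policy: Policy) -> bool:
    """Return True if any alternative of `rule` has all of its checks satisfied.

    An unknown rule falls back to "default"; an empty alternative list denies.
    """
    alternatives = policy.get(rule, policy.get("default", []))
    return any(all(_check(c, target, creds, policy) for c in alt) for alt in alternatives)


# Constructed sample principals and a sample image owned by tenant B.
ADMIN_OF_TENANT_A = {"tenant_id": "tenant-a", "roles": ["admin"]}
MEMBER_OF_TENANT_A = {"tenant_id": "tenant-a", "roles": ["Member"]}
MEMBER_OF_TENANT_B = {"tenant_id": "tenant-b", "roles": ["Member"]}
GLANCE_OPERATOR = {"tenant_id": "tenant-ops", "roles": ["glance-admin"]}
IMAGE_OF_TENANT_B = {"tenant_id": "tenant-b", "id": "image-0001"}


def can_delete(creds: dict, policy: Policy) -> bool:
    """Can `creds` delete tenant B's image under `policy`?"""
    return enforce("delete_image", IMAGE_OF_TENANT_B, creds, policy)


if __name__ == "__main__":
    for name, policy in (("global admin", GLOBAL_ADMIN_POLICY),
                         ("service admin", SERVICE_ADMIN_POLICY)):
        print(f"{name:>13}: tenant-A admin deletes tenant-B image? "
              f"{can_delete(ADMIN_OF_TENANT_A, policy)}")
```

Under the global policy the tenant A admin succeeds, which is exactly the cross-tenant escalation in the bug title; under the service policy only the owning tenant or the holder of the service-specific role passes. The same shape carries over to the later string-expression policy.json format, only the rule syntax changes.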