Comment 13 for bug 1170186
Revision history for this message
| Lin Hua Cheng (lin-hua-cheng) wrote | #13 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Validated that assigning roles to User/Group does not revoke the token anymore, this was fixed in Keystone.
Revoking roles from User/Group still revokes the token.
For revoking roles from User/Group, it is by design to revoke the token immediately because from security perspective revoking roles must be immediate to prevent user from further accessing the system. Adding roles is less important and could wait until the user re-authenticates.