predefined roles

Bug #1204643 reported by Adam Young on 2013-07-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)

Bug Description

keystone should include predefined roles such as

network-admin, network-viewer ,network-operator

which would be consumed by Neutron for network operations.

For Keystone, the roles should map to common use cases. A member of a project might not be allowed to see all memebers, but you should not have to be an administrator in order to list members. Thus, an appropriate role would indicate the "list users" type of use case.

Dolph Mathews (dolph) wrote :

How/why is this in scope for keystone?

Changed in keystone:
status: New → Opinion
Adam Young (ayoung) wrote :

It is part of the larger policy effort. Defining an expected set of roles will allow us to write a more granular set of default policies.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers