With using V3 cloud admin policy, domain admin unable to list role assignment for projects in his domain
Bug #1437407 reported by
Guang Yee
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Guang Yee | ||
python-keystoneclient |
Fix Released
|
Medium
|
Dan Nguyen |
Bug Description
With v3 cloud admin policy file, domain admin can assignment roles to user for projects in his domain. However, he's unable to list those assignment.
The expectation is that domain admin should be able to list role assignments for projects in his own domain.
Changed in keystone: | |
status: | New → Confirmed |
Changed in keystone: | |
status: | Confirmed → Triaged |
status: | Triaged → Confirmed |
Changed in keystone: | |
assignee: | nobody → Lin Hua Cheng (lin-hua-cheng) |
Changed in keystone: | |
assignee: | Priti Desai (priti-desai) → Guang Yee (guang-yee) |
To post a comment you must log in.
As a domain administrator (using token scoped to domain) - unable to list role assignments for a project in my domain:
$ openstack role assignment list --project 3013df710d604ed 68ce8e3daf80893 86 list_role_ assignments. (HTTP 403)
ERROR: openstack You are not authorized to perform the requested action, identity: