Revoking "admin" role from a group invalidates domain admin's token
Bug #1590805 reported by Niranjana Adiga
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Wishlist | Unassigned |
Bug Description
Steps to reproduce
1. Login as domain admin
2. Create a new group and grant "admin" role to it.
3. Group will be empty with no users added to it. (Domain admin won't be part of this group)
4. Now revoke "admin" role from this group.
5. Token for domain admin will be invalidated and he/she has to login again.
description: updated
Changed in keystone: assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
Changed in keystone: milestone: none → pike-1
According to your steps, you grant a role to a group and, as you said, the domain admin won't be part of this group, so the behavior is correct. If you want the domain admin to still have this role, you should grant the role to the user and not just to the group.