OpenStack Identity (keystone)

  1. Bug #1872733
  2. Comment #18

Comment 18 for bug 1872733

Revision history for this message
kay (kay-diam) wrote : Re: Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

There are at least two use cases, when project admin user or barbican secret owner needs to know user ID (in certain cases they are provisioned automatically, e.g. by LDAP):
* assign a project role to this user, so he can access the project: https://docs.openstack.org/api-ref/identity/v3/?expanded=assign-role-to-user-on-project-detail#assign-role-to-user-on-project* fine grained barbican ACL permissions: https://docs.openstack.org/barbican/latest/api/reference/acls.html

Therefore it is not clear, whether user IDs or project IDs have to be considered as sensitive.