User with reader role has same permissions as with member role
Bug #1915193 reported by Tomas Stodulka
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | New | Undecided | Unassigned |
Bug Description
Default role reader doesn't meet its expectations from https:/
Actual results:
In my case, reader can create/delete instances or also routers, networks,...
Expected results:
Users with the reader role should only list the mentioned resources and not touch the virtual infrastructure.
Environment:
CentOS 8.2.2004
OpenStack release: Ussuri, deployed using kolla-ansible
Is there anything additional that needs to be done to set up the reader role? My policies of Keystone and Neutron are attached.
You need to provide configuration parameters, for example, in case of nova it should be [oslo_policy] enforce_new_defaults = True
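
An added example, not part of the bug report or of any OpenStack project's code: a Python check that reports, per service config file, whether `[oslo_policy] enforce_new_defaults` is set to true, as the comment above suggests. The file names and contents are constructed samples, and treating an absent option as "off" is an assumption.

```python
import configparser

# Constructed sample configs (not the attachments from the bug report).
SAMPLE_CONFIGS = {
    "nova.conf": "[DEFAULT]\ndebug = False\n\n[oslo_policy]\nenforce_new_defaults = True\n",
    "neutron.conf": "[DEFAULT]\ncore_plugin = ml2\n\n[oslo_policy]\npolicy_file = policy.yaml\n",
    "keystone.conf": "[DEFAULT]\nlog_dir = /var/log/keystone\n",
    # Option placed in the wrong section: must not count as enabled.
    "misplaced.conf": "[DEFAULT]\nenforce_new_defaults = True\n\n[oslo_policy]\n",
}

TRUE_VALUES = {"true", "1", "yes", "on"}


def new_defaults_enabled(conf_text):
    """Return True only if [oslo_policy] enforce_new_defaults is a true value."""
    parser = configparser.ConfigParser(
        strict=False,             # tolerate repeated keys (last value wins)
        interpolation=None,       # '%' in values must not raise
        default_section="__no_default__",  # stop [DEFAULT] leaking into other sections
    )
    parser.read_string(conf_text)
    if not parser.has_section("oslo_policy"):
        return False
    # Assumption: an absent option is treated as not enabled.
    value = parser.get("oslo_policy", "enforce_new_defaults", fallback="false")
    return value.strip().lower() in TRUE_VALUES


def audit(configs):
    """Map each config name to whether the new policy defaults are enforced."""
    return {name: new_defaults_enabled(text) for name, text in configs.items()}


if __name__ == "__main__":
    for name, enabled in audit(SAMPLE_CONFIGS).items():
        state = "true" if enabled else "not set to true"
        print(f"{name}: [oslo_policy] enforce_new_defaults is {state}")
```
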