default role documentation: who can assign roles?

Bug #1924790 reported by Andrew Bogott
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Expired
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

I'm hoping that my cloud will soon be able to adopt the new default scoped role model documented at

  https://docs.openstack.org/keystone/latest/admin/service-api-protection.html

That document is good about detailing which roles can read and view existing role assignments, but I can't tell which users can or can't assign new roles. For example, if I give a user the admin role in a project, can that user add additional users to that project?

Adam Young (ayoung) wrote :

Are you looking to get that information for every API? It has been discussed in the past. It needs a serious spec.

Changed in keystone:
status: New → Incomplete
importance: Undecided → Wishlist
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Identity (keystone) because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired