Could [1] extended to security groups be fit for your purpose? A simpler solution would be allow admin-owned security groups to be visible to tenants, but what's tricky here is overlapping IP support, but at the same time they should not be allowed to be edited.
Could [1] extended to security groups be fit for your purpose? A simpler solution would be allow admin-owned security groups to be visible to tenants, but what's tricky here is overlapping IP support, but at the same time they should not be allowed to be edited.
[1] http:// specs.openstack .org/openstack/ neutron- specs/specs/ liberty/ rbac-networks. html
To be discussed at the drivers meeting.