We use the user id policy feature in several large projects at CERN. The typical case is a set of developers (more than 150) who are working for a single team and need the abilities to reboot/restart their own machines. The project admins provide 2nd level support. I believe that the changes described above will break this functionality.
I would propose that until the equivalent function is available in Keystone, this functionality in Nova be retained. Equally, changes such as this in the security area need to be handled very sensitively with the user communities who depend on these functions.
We use the user id policy feature in several large projects at CERN. The typical case is a set of developers (more than 150) who are working for a single team and need the abilities to reboot/restart their own machines. The project admins provide 2nd level support. I believe that the changes described above will break this functionality.
I would propose that until the equivalent function is available in Keystone, this functionality in Nova be retained. Equally, changes such as this in the security area need to be handled very sensitively with the user communities who depend on these functions.