Hi Sudheesh,
Using v3/policies is just a way of allowing other keystone projects (nova,
glance) etc. a place to centrally store/access their policy files. Keystone
does not interpret any of the data you store here - it is simply acting as a
central repository (where you can store a big blob of data that is, in effect,
your policy file). So the only place you can set policies is in the policy
file.
Henry
On 13 Aug 2013, at 08:22, sudheesh sk wrote:
> Hi ,
>
> I am trying to understand Difference between RBAC polices thats stored in
> policy.json and policies that can be created using
> openstack/identity/v3/policies.
>
> I got answer from openstack forum that I can use both DB and policy.json
> based implementation for RBAC policy management.
>
> Can you please tell me how to use DB based RBAC ? I can elaborate my question
> 1. In policy.json(keystone) I am able to define rule called - admin_required
> 2. Similarly I can define rules line custome_role_required
> 3. Then I can add this rule against each services (like for eg :
> identity:list_users = custom_role_required How can I use this for DB based
> RBAC policies? Also there are code like self.policy_api.enforce(context,
> creds, 'admin_required', {}) in many places (this is in wsgi.py)
>
> How can I utilize the same code and at the same time move the policy
> definition to DB
>
> Thanks a million,
> Sudheesh
>
>
> _______________________________________________
> OpenStack-dev mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
