We implemented something here at Symantec that sounds very similar to what you¹re both talking about. We have three levels of Admin - Cloud, Domain, and Project. If you¹re interested in checking it out, we actually presented on this topic in Austin.
The presentation : https://www.youtube.com/watch?v=v79kNddKbLc All the referenced files can be found in our github here : https://github.com/Symantec/Openstack_RBAC Specifically you may want to check out our keystone policy file that defines cloud_admin domain_admin and project_admin : https://github.com/Symantec/Openstack_RBAC/blob/master/keystone/policy.json Tim On 6/20/16, 5:17 AM, "Eugen Block" <ebl...@nde.ag> wrote: >I believe you are trying to accomplish the same configuration as I do, >so I think domains are the answer. You can devide your cloud into >different domains and grant admin rights to specific users, which are >not authorized to see the other domains. Although I'm still not sure >if I did it correctly and it's not fully resolved yet, here is a >thread I started a few days ago: > >http://lists.openstack.org/pipermail/openstack/2016-June/016454.html > >Regards, >Eugen > >Zitat von Venkatesh Kotipalli <openstackvenkat...@gmail.com>: > >> Hi Folks, >> >> Is it possible to create a project admin in openstack. >> >> As we identified when ever we created a project admin it will show >>entire >> cloud (Like : other users and all services completely admin access). >>but i >> want to see the particular project users,admins and control all the >> services. >> >> Guys please help me this part. I am really very confused. >> >> Regards, >> Venkatesh.k > > > >-- >Eugen Block voice : +49-40-559 51 75 >NDE Netzdesign und -entwicklung AG fax : +49-40-559 51 77 >Postfach 61 03 15 >D-22423 Hamburg e-mail : ebl...@nde.ag > > Vorsitzende des Aufsichtsrates: Angelika Mozdzen > Sitz und Registergericht: Hamburg, HRB 90934 > Vorstand: Jens-U. Mozdzen > USt-IdNr. DE 814 013 983 > > >_______________________________________________ >Mailing list: >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >Post to : openstack@lists.openstack.org >Unsubscribe : >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack