Hi Chengwei,
You can create as much roles as you want and create/modify rules in
policy.json (can be found in /etc/keystone and other configuration
directories of Openstack modules) to put these roles into reality
And there is no notion 'project admin'. Unfortunately, in Keystone
everybody who has role 'admin' is entire Openstack admin, not project's.
Be aware :)
On 10/19/17 8:22 AM, Chengwei Yang wrote:
Hi list,
I'm recently learn keystone and got some questions below, thanks any reply in
advance!
1. It seems that there are only 2 kinds of roles, regardless how many
roles you created, all of them should be non-admin or admin, am I right?
2. If I was wrong, how to create a role with specific capabilities?
3. Is it possible to assign some project admin privileges to user or group?
so far I see only the admin created by keystone-bootstrap with
capabilities to manage project(create, delete and etc.)
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
