On 07-Nov 11:16, Sameer Kumar wrote: > > I have following questions: > > > 1. Can I assign a role defined in another domain to particular > user belonging to a different project & domain? How to achieve this in > Mitaka? For example can Bob be assigned to a member role in PRJ_B1 of > Domain B while he originally belongs to PRJ_A1 of Domain A?
You should be able to use the CLI to do this. I'm not sure about how it can be done in horizon. Example command: openstack role add --user user_in_domainA --user-domain domainA --project project_in_domainB Member You example data seems to have already done this. Ben and John (from domainB) have the member role on a project in domainA. Is this causing you trouble? > > 2. Is there a way to create “Security Group” rules for an instance > and define policies associated to user and his role in a project? For > example, I want to allow certain users to use ssh and sftp > functionalities on an instance but deny these access to other users? > If not, is there any alternate to achieve the same. > > > 3. Can a user with admin role modify a shared network of project > defined in another domain? For example can Bob (admin role in PRJ_A1 > and Domain A) modify/delete ports on network NET_3 which belongs to a > PRJ_B1 of domain B? I don't really know the answer to this, but I suspect that it depends on the policy you have in place. What does your policy look like for those operations? -- david stanek web: http://www.dstanek.com blog: http://www.traceback.org _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
