How do you delegate the ability to delegate?
Lets say you are running a large cloud (purely hypothetical here) and
you want to let a user manage their own project. They are "admin" but
they should be able to invite or eject people.
In order to do this, an ordinary user needs to be able to ma
Adam.
The second issue is a big one. I think a lot of operators ( especially
newer operators ) are not aware of how much cruft builds up in the database
over time from left over security policies as tenants are created and
removed. It causes issues. I've had to work on software to manually cle
Thanks,
Kevin
From: Adam Young [ayo...@redhat.com]
Sent: Wednesday, August 05, 2015 7:50 AM
To: openstack-operators@lists.openstack.org
Subject: [Openstack-operators] Dynamic Policy
How do you delegate the ability to delegate?
Lets say you are running a large cloud (pure
[ayo...@redhat.com]
>Sent: Wednesday, August 05, 2015 7:50 AM
>To: openstack-operators@lists.openstack.org
>Subject: [Openstack-operators] Dynamic Policy
>
>How do you delegate the ability to delegate?
>
>Lets say you are running a large cloud (purely hypothetical here) and
>you want to le
From: Adam Young [ayo...@redhat.com]
Sent: Wednesday, August 05, 2015 7:50 AM
To: openstack-operators@lists.openstack.org
Subject: [Openstack-operators] Dynamic Policy
How do you delegate the ability to delegate?
Lets say you are running a large cloud (purely hypothetical here) and
you
vin
>>________
>>From: Adam Young [ayo...@redhat.com]
>>Sent: Wednesday, August 05, 2015 7:50 AM
>>To: openstack-operators@lists.openstack.org
>>Subject: [Openstack-operators] Dynamic Policy
>>
>>How do you delegate the ability
As an Op, I've ran into this problem and keep running into it. I would
>>> very much like a solution.
>>>
>>> Its also quite related to the nova instance user issue I've been
>>>working
>>> on, that's needed by the App Catalog project.
>>
>>
>> Its also quite related to the nova instance user issue I've been working
>> on, that's needed by the App Catalog project.
>>
>> So, yes, please keep fighting the good fight.
>>
>> Thanks,
>> Kevin
>> ____________
t; Senior Linux Systems Engineer
> >> GoDaddy, LLC.
> >>
> >>
> >>
> >>
> >> On 8/5/15, 9:39 AM, "Fox, Kevin M" wrote:
> >>
> >>> As an Op, I've ran into this problem and keep running into it. I would
> >>>
On 06/08/15 04:01, Kris G. Lindgren wrote:
> We ran into this as well.
>
> What we did is create an external to keystone api, that we expose to our
> end users via a UI. The api will let user create projects (with a
> specific defined quota) and also add users with the "project admins" role
> to
Systems Engineer
> > >> GoDaddy, LLC.
> > >>
> > >>
> > >>
> > >>
> > >> On 8/5/15, 9:39 AM, "Fox, Kevin M" wrote:
> > >>
> > >>> As an Op, I've ran into this problem and keep running into it. I
To: openstack-operators@lists.openstack.org
> > Subject: [Openstack-operators] Dynamic Policy for Access Control
> >
> > "Admin can do everything!" has been a common lament, heard for multiple
> > summits. Its more than just a development issue. I'd like
:45
To: openstack-operators@lists.openstack.org
Subject: [Openstack-operators] Dynamic Policy for Access Control
"Admin can do everything!" has been a common lament, heard for multiple
summits. Its more than just a development issue. I'd like to fix that. I
think we
all would.
13 matches
Mail list logo
