Public bug reported: I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors). I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors). Anna has no permission on project B. Ben has no permission on project A.
Anna creates a private flavor 'A_private', gives flavor access to project A. Expected behaviour: only Anna (or any other nova admin in project A) can perform actions on this flavor. Issue: Ben can perform all sort of actions on the private flavor 'A_private' (read, delete, manage access, manage extra specs). Observed in Mitaka, but I haven't seen any updates related to this, so this should be the same in master. Please correct me if I'm wrong. ** Affects: nova Importance: Undecided Status: New ** Description changed: I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors). I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors). Anna has no permission on project B. Ben has no permission on project A. Anna creates a private flavor 'A_private', gives flavor access to project A. Expected behaviour: only Anna (or any other nova admin in project A) can perform actions on this flavor. Issue: Ben can perform all sort of actions on the private flavor 'A_private' (read, delete, manage access, manage extra specs). + + Observed in Mitaka, but I haven't seen any updates related to this, so + this should be the same in master. Please correct me if I'm wrong. -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1649532 Title: private flavors globally visible Status in OpenStack Compute (nova): New Bug description: I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors). I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors). Anna has no permission on project B. Ben has no permission on project A. Anna creates a private flavor 'A_private', gives flavor access to project A. Expected behaviour: only Anna (or any other nova admin in project A) can perform actions on this flavor. Issue: Ben can perform all sort of actions on the private flavor 'A_private' (read, delete, manage access, manage extra specs). Observed in Mitaka, but I haven't seen any updates related to this, so this should be the same in master. Please correct me if I'm wrong. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1649532/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp