Open seancarlisle opened 10 years ago
We've thought of a few roles:
It's not working for me! Please help.
Hi @Simna123
What exactly isn't working for you? If you could provide a little more information (logs, errors etc) it would aid us in getting to the bottom of your problem.
Thanks
All I need is a read-only role which can be assigned to users in OpenStack.
As explained in the above post (by seancarlisle),
- I created a Role - "viewer"
- Assigned it to a new User
- Removed the member role from that particular user
- And in /etc/nova/policy.json:
  - Added a new rule named "viewer" like so: "viewer": "role:viewer"
  - Change the "default" rule like so: "default": "rule:viewer"
  - Change "admin_or_owner" rule like so: "admin_or_owner": "is_admin:True or role:Member"
  - & "compute:create": "", becomes "compute:create": "rule:admin_or_owner"
Now what I am expecting as output is that the new user with the viewer role will not be able to launch instances.
But the new user is still able to launch instances. :/
Same for me too. New user is still able to launch instances.
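An added example (not part of the thread and not OpenStack's own code): a simplified evaluator for the rule forms quoted in the comments above, used to list which write actions a viewer-only credential would still pass under an edited policy.json. The `compute:delete` entry, the `compute:reboot` action and all function names are constructed for illustration; the evaluator assumes that an empty rule always passes, that role names compare case-insensitively, and that actions without their own entry fall back to "default".

```python
import json

# Constructed policy fragment: the rules quoted in the thread plus one
# hypothetical leftover entry (compute:delete) that was never tightened.
SAMPLE_POLICY = json.loads("""{
  "viewer": "role:viewer",
  "default": "rule:viewer",
  "admin_or_owner": "is_admin:True or role:Member",
  "compute:create": "rule:admin_or_owner",
  "compute:delete": ""
}""")

def check(expr, policy, creds, seen=()):
    """Evaluate the subset of rule syntax used in the thread (assumed semantics)."""
    expr = expr.strip()
    if expr == "":                       # empty rule: anyone passes
        return True
    if " or " in expr:
        return any(check(p, policy, creds, seen) for p in expr.split(" or "))
    kind, _, value = expr.partition(":")
    if kind == "role":                   # assumed case-insensitive comparison
        return value.lower() in (r.lower() for r in creds["roles"])
    if kind == "rule":
        if value in seen or value not in policy:
            return False                 # cycle or dangling reference: fail closed
        return check(policy[value], policy, creds, seen + (value,))
    if kind == "is_admin":
        return str(creds.get("is_admin", False)) == value
    raise ValueError("unsupported check: " + expr)

def allowed(action, policy, creds):
    """Actions without their own entry fall back to the "default" rule."""
    return check(policy.get(action, policy["default"]), policy, creds)

def audit(policy, creds, write_actions):
    """Return the write actions these credentials would still pass."""
    return sorted(a for a in write_actions if allowed(a, policy, creds))

if __name__ == "__main__":
    viewer = {"roles": ["viewer"], "is_admin": False}
    writes = ["compute:create", "compute:delete", "compute:reboot"]
    print(audit(SAMPLE_POLICY, viewer, writes))
```

Under these assumptions the viewer is denied `compute:create` but still passes the entry left at `""` and any write action that has no entry of its own, because "default" now resolves to the viewer rule.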
There is an old but inactive blueprint for this. I would love to have this role added to the vanilla code! https://blueprints.launchpad.net/keystone/+spec/admin-readonly-role
Use cases exist where users need to retrieve usage information, but not be able to create or delete anything in the environment. This necessitates the creation of a read-only Keystone role, but will require modifications to policy.json for each of the services. Below are VERY rough steps on how I modified Nova's policy.json in my lab: