Ask Your Question

Revision history [back]

Conside the following situation. You are administrator of openstack, and want to define a new company operator with ability to add, remove and controling the access of other users. How can you do this before the emergence of domain concept? You had to add user_crud role to operator, that allows him to have full administrative access to all users and projects defined in keystone but not the subset of those. This is not a good solution and you don't want to give the operator to have full access over all defined users. You want to give access to a subset of users and tenants(projects).

So domain provides an administrative boundries for keystone entities(Project, users, roles, ...). Hope to be helpful.

See this page for more information.

Conside the following situation. You are administrator of openstack, and want to define a new company operator with ability to add, remove and controling the access of other users. How can you do this before the emergence of domain concept? You had to add user_crud role to operator, that allows him to have full administrative access to all users and projects defined in keystone but not the subset of those. This is not a good solution and you don't want to give the operator to have full access over all defined users. You want to give access to a subset of users and tenants(projects).

So domain provides an administrative boundries for keystone entities(Project, users, roles, ...). Hope to be helpful.

See this page for more information.