Ask Your Question

Security : should admin of one tenant allowed to reboot server belonging to different tenant ?

asked 2012-03-30 11:04:58 -0500

mandarvaze gravatar image

I want to understand if there is a concept of tenant-level admin Vs global admin.

Currently it seems like only check done is whether user has admin role or not (no check is done to match the tenant if user has admin role) This results into scenario where demoAdmin can reboot adminServer - This seems like security violation.

========== I have "devstack" setup with two tenants : admin and demo I created a user "demoadmin" and assigned "admin" role for this user for tenant "demo" using : "keystone user-role-add --role <uuid_of_admin_role> --tenant_id <uuid_of_demo_tenant> --user <uuid>"

when I login to dashboard using this account, I can only see single project/tenant i.e. "demo" as expected.

In another tenant "admin" I created an instance "adminServer" - I have it's UUID stored for testing. Now using "demoadmin" credentials, I can successfully reboot "adminServer"

Expected Response : reboot should not be allowed

Actual response :

"adminServer" is rebooted using "demoadmin" credentials

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2012-03-30 12:52:27 -0500

johngarbutt gravatar image

Take a look at this: (

edit flag offensive delete link more

answered 2012-04-02 10:21:26 -0500

mandarvaze gravatar image

Thanks John Garbutt, that solved my question.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2012-03-30 11:04:58 -0500

Seen: 17 times

Last updated: Apr 02 '12