Ask Your Question
0

difference between KeystoneServiceAdmin and Admin role

asked 2011-12-12 04:51:01 -0500

crayon-z gravatar image

In my opinion, the Admin role can access to all operations of Keystone, while what the KeystoneServiceAdmin role can access is just a subset of the Admin role. Am I right? If so, why the first user created in Keystone(aka admin) should be assigned both the Admin and KeystoneServiceAdmin role? Isn't that redundant? If not, what the KeystoneServiceAdmin is used for?

edit retag flag offensive close merge delete

5 answers

Sort by ยป oldest newest most voted
0

answered 2011-12-16 04:18:04 -0500

You are right. If both roles are being assigned it is redundant.

edit flag offensive delete link more
0

answered 2011-12-18 14:30:14 -0500

crayon-z gravatar image

Thanks for the answers, I read the code recently and my guess is right, the KeystoneServiceAdmin role is just a subset of the Admin role.

edit flag offensive delete link more
0

answered 2011-12-16 18:51:31 -0500

annegentle gravatar image

Devstack assigns these in https://github.com/cloudbuilders/devs... , and I had the same question. My best guess is that since Devstack is used for testing, there is some edge case they are seeking with that particular role. Sorry that's not exactly an answer but it does let you safely ignore it for your setup. :)

edit flag offensive delete link more
0

answered 2012-06-18 14:39:48 -0500

Hi,

I have some doubts about user roles in Keystone, i think this doubt comes because i get used to tempauth and swauth roles and a couldn't map this roles to Keystone...

the doubt is this:

In tempauth e swauth there are 3 types of  user's roles: user, admin e resseler admin. The first have the acess to object  in a container limited to what is  admin set for him (container acl permission). The admin has full control over the container in his account and the resselr admin has full control over then accounts, containers and objects in a cluster.

In keystone, we can create the tenant and the role ( http://docs.openstack.org/essex/openstack-compute/starter/content/Creating_Keystone_Roles-d1e460.html (http://docs.openstack.org/essex/opens...) ) . So if I create the role, how do i set that one role is the "admin" role? How do i set that the role i create is is a role under the admin role? ("user" role)

edit flag offensive delete link more
0

answered 2012-06-18 14:43:33 -0500

wops, a posted the question in the wrong place, sorry.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-12-12 04:51:01 -0500

Seen: 46 times

Last updated: Jun 18 '12