Ask Your Question

is it possible to create admin and super user in openstack ?

asked 2015-02-11 23:59:14 -0500

anonymous user


I want restrict the power of admin to just tenant level and that of the superuser to overall openstack is it possible ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-02-12 00:59:07 -0500

If you are willing to change every services policy file, then you can do it. Every service assumes any user with the role "admin" as superuser. Due to this "admin" in one service is by default "admin" in other service. As a first step you need to define "NovaAdmin" , "NeutronAdmin" and change the respective services policy file to use that role. This isolates one service's admin from becoming "admin" for another service.

What do you mean by restrict power at tenant level. All the service operations operate on tenant level except keystone operations. Do you have an example of any service operation which doesn't operate on tenant level?

edit flag offensive delete link more


Restrict power of admin at tenant level means, consider two projects Project A and Project B who have Admin A and Admin B respectively, Now I want the Admin A to modify only the resources and Users of Project A but not Project B and Admin B of Project B Only.

sumanth19911231 gravatar imagesumanth19911231 ( 2015-02-12 14:21:24 -0500 )edit

This is keystone operation. You can't do this in keystone v2. You can do this in keystone v3. Look at keystone . If you use v3cloudsample.json as policy file ( with some modification) you an do that

Haneef Ali gravatar imageHaneef Ali ( 2015-02-12 17:53:29 -0500 )edit

Ok will try it thanks

sumanth19911231 gravatar imagesumanth19911231 ( 2015-02-12 22:36:41 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-02-11 23:59:14 -0500

Seen: 694 times

Last updated: Feb 12 '15