Assign a role to only list users keystone policy.json

asked 2015-03-03 09:30:59 -0500

JonasH

I would like to create a role that has special permission to list users, but it should not be admin. I am running OpenStack Icehouse.

I am trying to modify the keystone policy.json and have tried different settings, e.g.

"identity:list_users": "role:tokenadmin",

and

"admin_or_tokenadm": "rule:admin_required or role:tokenadmin",

and then

"identity:list_users": "rule:admin_or_tokenadm",

But a user with the tokenadmin role gets

You are not authorized to perform the requested action, admin_required. (HTTP 403)

when trying to run keystone user-list.

Is this possible?

1 answer

answered 2015-03-03 12:56:32 -0500

If you want to define/use roles, you need to use the keystone v3 APIs. If you plan to use the keystone v3 API, you should start using the openstack client and not the keystone command-line client, as it doesn't support the v3 APIs.

https://github.com/openstack/keystone...

BTW, changing the line identity:list_users has an effect only in keystone v3.

Comments

Okay, but what if we want a custom Horizon dashboard that lists users, sort of the same way as the identity panel does? Does Horizon then need to work with the keystone v3 API?

JonasH ( 2015-03-03 13:20:04 -0500 )
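
As an added illustration (not code from this thread or from keystone), the sketch below evaluates the asker's policy lines with a minimal stand-in for the rule syntax used here. It shows that the custom rule does grant identity:list_users to tokenadmin, while a check made directly against admin_required, the rule named in the 403, still denies. The simplified admin_required definition, the identity:delete_user line and the helper names check and decisions are assumptions.

```python
import re

# Constructed sample policy: the asker's two custom lines plus a simplified
# admin_required and one other admin-only action for comparison.
POLICY = {
    "admin_required": "role:admin",
    "admin_or_tokenadm": "rule:admin_required or role:tokenadmin",
    "identity:list_users": "rule:admin_or_tokenadm",
    "identity:delete_user": "rule:admin_required",
}

def check(rule_name, roles, policy=POLICY, _seen=()):
    """Evaluate a named rule for a set of roles.

    Supports only the subset used on this page: role:<name> and rule:<name>,
    joined by 'and' / 'or' ('and' binds tighter). Anything else denies.
    """
    if rule_name not in policy or rule_name in _seen:
        return False  # default deny; also breaks reference cycles
    def atom(tok):
        kind, _, value = tok.partition(":")
        if kind == "role":
            return value in roles
        if kind == "rule":
            return check(value, roles, policy, _seen + (rule_name,))
        return False  # other check types are not modelled here: deny
    return any(
        all(atom(t) for t in re.split(r"\s+and\s+", alt.strip()))
        for alt in re.split(r"\s+or\s+", policy[rule_name])
    )

def decisions(roles, policy=POLICY):
    """Decision for each enforcement point discussed in the thread."""
    names = ("identity:list_users", "admin_required", "identity:delete_user")
    return {name: check(name, roles, policy) for name in names}

if __name__ == "__main__":
    # Scoped rule: tokenadmin passes list_users only.
    print("tokenadmin:", decisions({"tokenadmin"}))
    # Widening admin_required instead hands tokenadmin every admin-only action.
    widened = dict(POLICY, admin_required="role:admin or role:tokenadmin")
    print("widened   :", decisions({"tokenadmin"}, widened))
```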
