Ask Your Question
0

How can I restrict visibility of instances in a project

asked 2015-09-24 12:26:43 -0600

apu123 gravatar image

Hi Everyone,

I am attempting to restrict users from seeing other users' instances within a project. I attempted the following modification of nova/policy.json:

"admin_or_owner": "role:admin or is_admin:True or user_id:%(user_id)s",
...
"compute:get_all": "rule:admin_or_owner",

I know the policy is being applied, because if I make it only "role:admin or is_admin:True", then it allows only admins to view the instance list.

Even though instances are associated with a user, is it possible the list of instances itself has ownership which is being checked (and that ownership is everyone in the project)?

Any suggestions or insight into this would be greatly appreciated!

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-05-19 04:46:04 -0600

Senthil gravatar image

Did we have fix for the above question?

Thanks, Senthil

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-24 12:26:43 -0600

Seen: 210 times

Last updated: May 19 '16

Related questions

Limiting VM access to admin_or_owner in Grizzly

change novalocal suffix in HOSTNAME

Can't deploy an instance. Image not found

How to nova boot an instance with a specific admin_pass ?

Network Injection not working

Horizon stuck on 'queued' forever when creating an image

Volume did not finish being created even after we waited some seconds

nova ceph copy-on-write images doesn't work even if it's configured to

Improving disk performance?

rules in policy.json