Ask Your Question
0

How can I restrict visibility of instances in a project

asked 2015-09-24 12:26:43 -0500

apu123 gravatar image

Hi Everyone,

I am attempting to restrict users from seeing other users' instances within a project. I attempted the following modification of nova/policy.json:

"admin_or_owner": "role:admin or is_admin:True or user_id:%(user_id)s",
...
"compute:get_all": "rule:admin_or_owner",

I know the policy is being applied, because if I make it only "role:admin or is_admin:True", then it allows only admins to view the instance list.

Even though instances are associated with a user, is it possible the list of instances itself has ownership which is being checked (and that ownership is everyone in the project)?

Any suggestions or insight into this would be greatly appreciated!

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-05-19 04:46:04 -0500

Senthil gravatar image

Did we have fix for the above question?

Thanks, Senthil

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-24 12:26:43 -0500

Seen: 192 times

Last updated: May 19 '16

Related questions

how security group is implemented

Got ERROR log when "nova-manage db sync"

gluster volume for nova instance

Launching instance on RHOSP 10 (Newton) fails with memory over 30G

ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)

nova-docker setup in devstack

installing nova from git

Where is the documentation for blueprint shelve-instance?

cannot add the default external network to an instance

Can we set admin password return on horizon for every new instance create?