Ask Your Question
0

How can I restrict visibility of instances in a project

asked 2015-09-24 12:26:43 -0600

apu123 gravatar image

Hi Everyone,

I am attempting to restrict users from seeing other users' instances within a project. I attempted the following modification of nova/policy.json:

"admin_or_owner": "role:admin or is_admin:True or user_id:%(user_id)s",
...
"compute:get_all": "rule:admin_or_owner",

I know the policy is being applied, because if I make it only "role:admin or is_admin:True", then it allows only admins to view the instance list.

Even though instances are associated with a user, is it possible the list of instances itself has ownership which is being checked (and that ownership is everyone in the project)?

Any suggestions or insight into this would be greatly appreciated!

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-05-19 04:46:04 -0600

Senthil gravatar image

Did we have fix for the above question?

Thanks, Senthil

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-09-24 12:26:43 -0600

Seen: 258 times

Last updated: May 19 '16

Related questions

How to change keystone policy?

Overcommitting of CPUs on Qemu?

neutron client authentication failed

Add -cpu kvm=off flag

instance hostname vs display_name [closed]

Instance stuck booting from Hard Disk

instance console error [solved]

ping running instance

Failure prepping block device

slow snapshot [closed]