How can I restrict visibility of instances in a project

asked 2015-09-24 12:26:43 -0600

apu123 gravatar image

Hi Everyone,

I am attempting to restrict users from seeing other users' instances within a project. I attempted the following modification of nova/policy.json:

"admin_or_owner": "role:admin or is_admin:True or user_id:%(user_id)s",
"compute:get_all": "rule:admin_or_owner",

I know the policy is being applied, because if I make it only "role:admin or is_admin:True", then it allows only admins to view the instance list.

Even though instances are associated with a user, is it possible the list of instances itself has ownership which is being checked (and that ownership is everyone in the project)?

Any suggestions or insight into this would be greatly appreciated!

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-05-19 04:46:04 -0600

Did we have fix for the above question?

Thanks, Senthil

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-09-24 12:26:43 -0600

Seen: 258 times

Last updated: May 19 '16