Reseller Permissions

asked 2015-10-27 09:32:13 -0500

slice16 gravatar image


Is it possible to create a role within Openstack so that they can create their own projects/tenants as though they are a reseller of our service? So in essence, they can create a new tenant/project which can only be access by the new tenant. Then they can only see the projects/tenants they have created themselves?



edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-11-03 07:25:30 -0500

capsali gravatar image

Well you can do this if you are using keystone v3 and domains. But it is not fully suported by all openstack services.

In theory you create a cloud admin that has access to all deployment. You create a domain for the reseller and give admin role to that domain to the user. He can now create users and project inside his domain only,

The problem is horizon doesn't support domain scope tokens without some patches. And as i understood they will change keystones domain scope tokens function so i would wait and see what directions they take.

We dropped domains untill further notice from our enveironment.

There are some tutorials online on how to achieve domains in openstack using keystone v3.

At a first search i came out with this link text but there are other tutorials too.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-10-27 09:32:13 -0500

Seen: 823 times

Last updated: Nov 03 '15