Ask Your Question

Is the true that mulitple users in a same Project have the same privilege to manage any of the instances or volumes created in the Project, e.g. delete or edit an instance or a volume that was created by other people in the same project?

asked 2016-03-03 11:08:29 -0500

Jinhui gravatar image

If that is true, is there a way to keep track of general users activities for a admin user? For example, if a volume in a Project was deleted, at least an admin user knows who did it , otherwise it might cause trouble if such a thing happens. That is just a serious concern when you work in a group that dealing with sensitive medical data on a shared cloud environment using OpenStack.

edit retag flag offensive close merge delete


You asked two separate questions. One completely in the (very long) title and one in the body. It would have been better to ask your questions separately.

Enno Gröper gravatar imageEnno Gröper ( 2016-03-04 05:58:13 -0500 )edit

1 answer

Sort by » oldest newest most voted

answered 2016-03-03 11:52:26 -0500

hayderimran7 gravatar image

No, it depends upon the role assigned to each user in that project. A project is just like a grouping entity for organizing users, however user privileges depend upon the role assigned to them.
And the power of role is determined by how you define your policy.json for each service. for instance Member role may list all images but is not allowed to create an image.

edit flag offensive delete link more


Thanks!The way you described is based on the policies defined for user roles. Is there a way to define the ownership of an instance/volume when it is created in a project that has multiple users, then only allow the owner to manage on their own items, any example or docs for that? Many thanks!!

Jinhui gravatar imageJinhui ( 2016-03-04 14:42:51 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2016-03-03 11:08:29 -0500

Seen: 435 times

Last updated: Mar 03 '16