Is a domain admin allowed to delete the instances of another domain?

asked 2016-08-04 03:20:43 -0500

anonymous user

I have created two domains in my OpenStack environment named "default" and "student", and created admin accounts in both domains. I want to ask why the admin account in the "student" domain can view or delete the instances of the "default" domain. How can I disable the settings so that admins of one domain can't view or delete the instances of the other domain?

1 answer

answered 2016-08-05 00:31:44 -0500

vjayaraj

If a user has an admin role in another domain, he can delete the instances of the other domain. Although you have created two different admins, the role "admin" remains the same.

Check the /etc/keystone/policy.json file. There you will find which roles have access to which operations. If you want to disable the settings as per your requirement, you have to add the new role in the policy.json file.

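The answer above says policy.json decides which roles reach which operations. The following is an added example, not code from the answer or from OpenStack: it evaluates a constructed policy with a simplified rule evaluator (not oslo.policy itself) to list the rules a given credential satisfies. The rule names, the "default_admin" role and the "target.domain_id" key are assumptions made for illustration.

```python
import json
import re

# Constructed sample in policy.json style; rule names and the
# "default_admin" role are hypothetical, not from a real deployment.
SAMPLE_POLICY = json.loads("""{
  "admin_required": "role:admin or is_admin:1",
  "example:list_servers": "rule:admin_required",
  "example:delete_server": "role:default_admin",
  "example:show_server": "(role:admin and domain_id:%(target.domain_id)s)"
}""")
TOKEN = re.compile(r"\(|\)|[^\s()]+(?:\([^)]*\)s)?")

def check(policy, text, creds, target):
    """Evaluate a simplified subset of the policy rule language."""
    toks, pos = TOKEN.findall(text), 0

    def atom():
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok == "(":
            val = expr()
            pos += 1  # consume the closing ")"
            return val
        if tok == "not":
            return not atom()
        kind, _, match = tok.partition(":")
        if kind == "rule":  # reference to another named rule
            return check(policy, policy[match], creds, target)
        if kind == "role":
            return match in creds["roles"]
        ref = re.fullmatch(r"%\((.+)\)s", match)  # %(key)s reads the target
        wanted = target.get(ref.group(1)) if ref else match
        return str(creds.get(kind)) == str(wanted)

    def chain(op, sub):
        nonlocal pos
        val = sub()
        while pos < len(toks) and toks[pos] == op:
            pos += 1
            nxt = sub()
            val = (val and nxt) if op == "and" else (val or nxt)
        return val

    def expr():
        return chain("or", lambda: chain("and", atom))
    return expr() if toks else True  # an empty rule always passes

def allowed_rules(policy, creds, target):
    """Names of all rules the credential satisfies against the target."""
    return sorted(n for n, t in policy.items() if check(policy, t, creds, target))
```

Calling allowed_rules with a "student" admin credential and a target in "default" returns every rule that depends on the shared "admin" role alone, which are the entries to review.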
Stats

Asked: 2016-08-04 03:19:39 -0500

Seen: 150 times

Last updated: Aug 04 '16