Ask Your Question

Is a domain admin allowed to delete the instance of other domain?

asked 2016-08-04 03:20:43 -0500

anonymous user


I have created two domains in the my openstack environment named "default" and "student". And created admin accounts in both domains. I want to ask why can admin account in "student" domain view or delete the instances of "default" domain. How can i disable the settings so that admins of one domain can't view or delete the instances of other domain?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2016-08-05 00:31:44 -0500

vjayaraj gravatar image

If a user has an admin role in another domain, he can delete the instances of the other domain. Although you have created two different admins, the role "admin" remains the same.

Check /etc/keystone/policy.json file. There you will find which roles have access to what operations. If you want to disable the settings as per your requirement, you have to add the new role in the policy.json file.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-08-04 03:19:39 -0500

Seen: 263 times

Last updated: Aug 04 '16