Can I assign a role defined in another domain to a particular user belonging to a different project & domain?

asked 2016-11-04 05:29:44 -0600

Sameer.Kumar

I have a single-machine DevStack (Mitaka) setup. I have enabled multi-domain functionality and am able to create multiple domains in my setup through Horizon. I created 2 domains, Domain A and Domain B. In Domain A, I created two projects, PRJ_A1 and PRJ_A2; similarly, in Domain B I created PRJ_B1 and PRJ_B2. In each project I created one instance, namely INST_A1_1, INST_A2_1, INSTB1_1, INST_B2_1.

The following networks were created in the projects:

PRJ_A1 has a private network NET_1 (subnet 10.0.0.0)
PRJ_A2 has a public shared network NET_2 (subnet 120.20.20.0)
PRJ_A3 has a private shared network NET_3 (subnet 30.0.0.0)
PRJ_A4 public network NET_4 (subnet 140.40.40.0)

NET_2 and NET_3 are shared only with project PRJ_A1 through RBAC.

Domain A has the following users and roles:

Bob admin role for PRJ_A1 and PRJ_A2

Nick member role for PRJ_A1

Domain B has the following users and roles:

Ben admin role for PRJ_A1

John member role for PRJ_A1  

The following security groups were created and attached to instances:

SG1 for INST_A1_1, SG2 for INST_A2_1, SG3 for INST_A3_1, SG4 for INST_A4_1

My question is:

Can I assign a role defined in another domain to a particular user belonging to a different project & domain? How can I achieve this in Mitaka? For example, can Bob be assigned a member role in PRJ_B1 of Domain B while he originally belongs to PRJ_A1 of Domain A?
