Is there a way to create “Security Group” rules for an instance and define policies associated to user and his role in a project? [closed]

asked 2016-11-04 05:30:40 -0600

Sameer.Kumar gravatar image

updated 2016-11-06 23:36:45 -0600

I have a single machine DevStack (Mitaka) setup. I have enabled multi domain functionality and am able to create multiple domains in my setup through Horizon. I created 2 domains, Domain A and Domain B. In Domain A, I created two projects PRJ_A1 and PRJ_A2 similarly in Domain B I created PRJ_B1 and PRJ_B2.   In each project I created one instance namely INST_A1_1, INST_A2_1, INSTB1_1, INST_B2_1.

Following networks were created in projects :

PRJ_A1 has a private network NET_1 (subnet 10.0.0.0)

PRJ_A2 has a public shared network NET_2 (subnet 120.20.20.0)

PRJ_A3 has a private shared network NET_3 (subnet 30.0.0.0)

PRJ_A4 public network NET_4 (subnet 140.40.40.0)

NET_2 and NET_3 are shared only with project PRJ_A1 through RBAC

Domain A has following users and roles:

Bob admin role for PRJ_A1 and PRJ_A2

Nick member role for PRJ_A1

Domain B has following users and roles:   Ben admin role for PRJ_A1

John member role for PRJ_A1

  Following Security Groups were created and attached to instances :

SG1 for INST_A1_1

SG2 for INST_A2_1

SG3 for INST_A3_1

SG4 for INST_A4_1

I have following question:

Is there a way to create “Security Group” rules for an instance and define policies associated to user and his role in a project? For example, I want to allow certain users to use ssh and sftp functionalities on an instance but deny these access to other users? If not, is there any alternate to achieve the same.

edit retag flag offensive reopen merge delete

Closed for the following reason duplicate question by rbowen
close date 2016-11-07 07:57:20.194265