Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

limit instance administration via policy.json

i would like to limit what users can do to instances created by other users in the Project

for example if User1 creates an instance. User2 should not have the rights to reboot it. I understand I need to use policy.json for this. I have tried an number of methods "os_compute_api:servers:reboot": "user_id:%(user_id)s", "os_compute_api:servers:reboot": "user_id:%(target.user.id)s", "os_compute_api:servers:reboot": "user_id:%(target.credential.user_id)s",

I was able to get what I needed by giving User1 and User2 different roles in the Project. But that doesn't help when User3 is added to the scenario. "os_compute_api:servers:reboot": "role:User1_Role",

please advise, I must be missing something

a second quick question: can I limit the instances that User2 can see in Horizon? So that User2 can only see the instances s/he has created or owns and no even see User1's instances?

thanks

limit instance administration via policy.json

i would like to limit what users can do to instances created by other users in the Project

for example if User1 creates an instance. User2 should not have the rights to reboot it. I understand I need to use policy.json for this. I have tried an number of methods "os_compute_api:servers:reboot": "user_id:%(user_id)s", "os_compute_api:servers:reboot": "user_id:%(target.user.id)s", "os_compute_api:servers:reboot": "user_id:%(target.credential.user_id)s",

I was able to get what I needed by giving User1 and User2 different roles in the Project. But that doesn't help when User3 is added to the scenario. "os_compute_api:servers:reboot": "role:User1_Role",

please advise, I must be missing something

a second quick question: can I limit the instances that User2 can see in Horizon? So that User2 can only see the instances s/he has created or owns and no even see User1's instances?

thanks

limit instance administration via policy.json

i would like to limit what users can do to instances created by other users in the Project

for example if User1 creates an instance. User2 should not have the rights to reboot it. I understand I need to use policy.json for this. I have tried an number of methods methods

"os_compute_api:servers:reboot": "user_id:%(user_id)s", "user_id:%(user_id)s",

"os_compute_api:servers:reboot": "user_id:%(target.user.id)s", "user_id:%(target.user.id)s",

"os_compute_api:servers:reboot": "user_id:%(target.credential.user_id)s",

I was able to get what I needed by giving User1 and User2 different roles in the Project. But that doesn't help when User3 is added to the scenario. scenario.

"os_compute_api:servers:reboot": "role:User1_Role",

please advise, I must be missing something

a second quick question: can I limit the instances that User2 can see in Horizon? So that User2 can only see the instances s/he has created or owns and no even see User1's instances?

thanks

limit instance administration via policy.json

i would like to limit what users can do to instances created by other users in the Project

for example if User1 creates an instance. User2 should not have the rights to reboot it. I understand I need to use policy.json for this. I have tried an number of methods

"os_compute_api:servers:reboot": "user_id:%(user_id)s",

"os_compute_api:servers:reboot": "user_id:%(target.user.id)s",

"os_compute_api:servers:reboot": "user_id:%(target.credential.user_id)s",

I was able to get what I needed by giving User1 and User2 different roles in the Project. But that doesn't help when User3 is added to the scenario.

"os_compute_api:servers:reboot": "role:User1_Role",

please advise, I must be missing something

a second quick question: can I limit the instances that User2 can see in Horizon? So that User2 can only see the instances s/he has created or owns and no not even see User1's User1/3's instances?

thanks

limit instance administration via policy.json

i would like to limit what users can do to instances created by other users in the Project

for example if User1 creates an instance. User2 should not have the rights to reboot it. I understand I need to use policy.json for this. I have tried an number of methods

"os_compute_api:servers:reboot": "user_id:%(user_id)s",

"os_compute_api:servers:reboot": "user_id:%(target.user.id)s",

"os_compute_api:servers:reboot": "user_id:%(target.credential.user_id)s",

I was able to get what I needed by giving User1 and User2 different roles in the Project. But that doesn't help when User3 is added to the scenario.

"os_compute_api:servers:reboot": "role:User1_Role",

please advise, I must be missing somethingsomething, I am using a 3 server RDO Newton environment.

a second quick question: can I limit the instances that User2 can see in Horizon? So that User2 can only see the instances s/he has created or owns and not even see User1/3's instances?

thanks