Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Project Admin

Hi,

I have put following update on /etc/openstack-dashboard/keystone_policy.json and /etc/keystone/policy.json.

{
    "project_admin": "role:project-admin and project_id:%(target.project.id)s",
    "identity:get_user": "rule:admin_or_owner or rule:project_admin",
    "identity:list_users": "rule:admin_required or rule:project_admin",
    "identity:create_user": "rule:admin_required or rule:project_admin",
    "identity:update_user": "rule:admin_required or rule:project_admin",
    "identity:delete_user": "rule:admin_required or rule:project_admin"
}

But the user with project-admin role still cannot see his own project users and cannot create other users for that project. What have I missed?

Best regards,