Revision history [back]

click to hide/show revision 1
initial version

What does "scope" mean in OpenStack?

Hi all,

I'm learning v3 API recently, the "scope" of tokens really makes me confused, could anyone tell me what's the difference between domain-scoped, project-scoped, and un-scoped tokens?

I read the docs, it says you will not get catalog, project, domain and some other fields in an un-scoped token, but which one should I choose between domain-scoped and project-scoped tokens?

Also, the "role" concept seems to have scope too, as we can grant a role to a user on a project, also we can grant a role to a user on a domain. Does this mean differences in privilege? Like granting a role to a user on a project means the user can only access resources in this project?

please help me to solve these questions, and I'm very happy to discuss these concepts with you.