Difference between revisions of "Admin-readonly-role"
Latest revision as of 07:15, 3 October 2014
At the Juno Operator's mid-cycle meetup there was a request for users with admin-readonly privileges.
Excerpting the role-related interchange from https://etherpad.openstack.org/p/SAT-ops-security.
• Tenants, roles, user creation etc
- roles right now are either all-pervasive super admin or end user. Having multiple roles is not uniformly supported, for instance in glance
- lack of usable RBAC for admin: either admin, or nothing
- and, to make it worse, static configs as management of capabilities
- some hardcoded in code assumptions that you must be admin to do X
- also related: difficulty in knowing what can be configured
- Congress as a proposed solution
• does anyone have >2 roles?
- yes, 3-level roles - god / tenant admin / user - users can't alter other users' stuff. However, glance does not support this at all: images are owned by the tenant_id, so anyone else in the tenant can delete/alter it
- glance owner_is_tenant - doesn't appear to be well tested.
- option: use repose to fake RBAC on top of the API that doesn't support
- We use 5 roles but in practice, only 4 of those are valid and only god/user have anything to do with real privs. (We use one extra role to allow/disallow DELETION of floating ip assignment which is arguably a specific level of control/role.)
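The ownership gap described in the answers above, made concrete with an added example (not code from the etherpad or from any OpenStack project): a toy evaluator for a small rule set written in the oslo-style policy syntax the services read from their static policy.json files. The rule set, the role names (including a hypothetical admin_readonly role) and the principals are constructed; write operations are keyed on tenant ownership, so every member of the owning tenant passes, while the read-only admin can only read.

```python
"""Toy evaluator for an oslo-style policy rule set (constructed example,
not oslo.policy itself).  Supported grammar: 'role:<name>',
'tenant:%(owner)s', 'rule:<name>', 'or', and the empty rule (= allow)."""

# Constructed glance-style rule set: god = admin, tenant admin and plain
# user from the notes, plus a hypothetical read-only admin role.  Write
# rules key on tenant ownership, which is exactly the gap the notes describe.
RULES = {
    "admin_or_readonly": "role:admin or role:admin_readonly",
    "owner": "tenant:%(owner)s",
    "get_image": "rule:admin_or_readonly or rule:owner",
    "delete_image": "role:admin or rule:owner",
    "modify_image": "role:admin or rule:owner",
}


def check(rule_name, creds, target, rules=RULES, depth=0):
    """Return True if creds (roles, tenant) satisfy rule_name for target."""
    if depth > 10:  # guard against self-referential rule definitions
        raise ValueError("rule recursion too deep: %s" % rule_name)
    expr = rules[rule_name]
    if expr == "":  # the empty rule allows everyone, like glance's "default"
        return True
    for clause in expr.split(" or "):
        kind, _, value = clause.partition(":")
        if kind == "role" and value in creds["roles"]:
            return True
        if kind == "rule" and check(value, creds, target, rules, depth + 1):
            return True
        # 'tenant:%(owner)s' substitutes the target's owner field
        if kind == "tenant" and value % target == creds["tenant"]:
            return True
    return False


def permissions(creds, target, rules=RULES):
    """Sorted list of image operations creds may perform on target."""
    return sorted(r for r in ("get_image", "modify_image", "delete_image")
                  if check(r, creds, target, rules))


# Constructed principals; the image is owned by tenant "t1".
IMAGE = {"owner": "t1"}
GOD = {"roles": ["admin"], "tenant": "ops"}
TENANT_ADMIN = {"roles": ["tenant_admin"], "tenant": "t1"}
USER_SAME_TENANT = {"roles": ["member"], "tenant": "t1"}
USER_OTHER_TENANT = {"roles": ["member"], "tenant": "t2"}
READONLY_ADMIN = {"roles": ["admin_readonly"], "tenant": "ops"}

if __name__ == "__main__":
    for name in ("GOD", "TENANT_ADMIN", "USER_SAME_TENANT",
                 "USER_OTHER_TENANT", "READONLY_ADMIN"):
        print(name, permissions(globals()[name], IMAGE))
```

Running it shows the plain user in the owning tenant with the same delete/modify rights as the tenant admin, which is the behaviour the notes complain about.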