Friday, 2023-08-25

<sulo> Hi all, I did a fresh install of Yoga, created a new domain called domain1 (Default exists) so I have 2 domains. Created a new user called user1 on domain1 ... gave it admin role. I was expecting it to only be admin on the new domain, but it seems to be admin on all domains. [08:23]
<sulo> Am I missing anything? [08:23]
<sulo> What I am trying to get: An admin on domain1 should only be admin on domain1 only and admin on domain2 to be admin on domain2 only. Is there something to achieve this? [08:25]
<frickler> sulo: this is not possible with keystone. there have been various attempts at solving this, but no real solution exists even 10 years later. see https://bugs.launchpad.net/keystone/+bug/968696 [09:41]
<sulo> frickler: thank you. So just to be clear, if admin role is given it will be admin for everything, right? Is it possible to control this through any policy? [09:44]
<d34dh0r53> keystone reviewathon https://meet.google.com/drx-yoqc-nzs [14:01]
<opendevreview> Merged openstack/keystone master: Respect cached tokens issued before upgrade  https://review.opendev.org/c/openstack/keystone/+/891521 [16:28]
<opendevreview> Merged openstack/keystone master: Add an option to randomize LDAP urls list  https://review.opendev.org/c/openstack/keystone/+/821086 [16:28]
