ee2724a2a2
Removed info that's internal to keystone and therefore not relevant to deployers. Consistent references to config option names. `` should be used for literal string values, not references. Change-Id: Ia7e11683ed3ae7f19fe6680848bdcbaed954f424
12 lines
642 B
YAML
12 lines
642 B
YAML
---
|
|
features:
|
|
- >
|
|
[`blueprint domain-specific-roles <https://blueprints.launchpad.net/keystone/+spec/domain-specific-roles>`_]
|
|
Roles can now be optionally defined as domain specific. Domain specific
|
|
roles are not referenced in policy files, rather they can be used to allow
|
|
a domain to build their own private inference rules with implied roles. A
|
|
domain specific role can be assigned to a domain or project within its
|
|
domain, and any subset of global roles it implies will appear in a token
|
|
scoped to the respective domain or project. The domain specific role
|
|
itself, however, will not appear in the token.
|