eed233cac8
"Shadow users: unified identity" implementation: Allow concrete role assignments for federated users. Currently, federated users get roles from mapped group assignments. However, with the shadow users implementation, federated users are mapped to identities in the backend; thus, can be assigned roles. This patch returns locally assigned roles with the mapped group roles for federated users; allowing for authorization for those roles. bp shadow-users-newton Change-Id: I9a150ded6c4b556627147d2671be15d6a3794ba5
8 lines
382 B
YAML
8 lines
382 B
YAML
---
|
|
upgrade:
|
|
- In the policy.json file, we changed `identity:list_projects_for_groups`
|
|
to `identity:list_projects_for_user`. Likewise, we changed
|
|
`identity:list_domains_for_groups` to `identity:list_domains_for_user`. If
|
|
you have customized the policy.json file, you will need to make these
|
|
changes. This was done to better support new features around federation.
|