Update confusing note
The note saying that services other than Identity assign meaning to roles is confusing. Maybe the intent was to say that the other services have a policy file that defines what operations the roles can do. Before the v3 API, keystone didn't support RBAC, but now with v3 it supports RBAC like all the other services. The note is updated so that hopefully it will now provide usable information. Change-Id: I9e57c4244f2e57aedc2f0dffbdf38ee07eb67473
This commit is contained in:
Brant Knudson
parent
fbd3d13500
commit
5e56020eab
@ -119,9 +119,13 @@ Identity user management examples:
|
||||
|
||||
.. note::
|
||||
|
||||
Individual services, such as Compute and the Image service,
|
||||
assign meaning to roles. In the Identity service, a role is
|
||||
simply a name.
|
||||
Individual services assign meaning to roles, typically through
|
||||
limiting or granting access to users with the role to the
|
||||
operations that the service supports. Role access is typically
|
||||
configured in the service's ``policy.json`` file. For example,
|
||||
to limit Compute access to the ``compute-user`` role, edit the
|
||||
Compute service's ``policy.json`` file to require this role for
|
||||
Compute operations.
|
||||
|
||||
The Identity service assigns a tenant and a role to a user. You might
|
||||
assign the ``compute-user`` role to the ``alice`` user in the ``acme``
|
||||
|
||||
Loading…
Reference in New Issue
Block a user