starlingx/docs
Code Issues Proposed changes

Merge "Add keystone member role"

Browse Source
This commit is contained in:
Zuul
2025-10-24 16:44:07 +00:00
committed by Gerrit Code Review
parent a71798cb68 548987302a
commit b88b09404a
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/source/security/kubernetes/keystone-account-roles-64098d1abdc1.rest
View File

@@ -4,8 +4,8 @@
Keystone Account Roles
----------------------
In |prod|, 4 different keystone roles are supported: ``admin``, ``configurator``,
``operator``, and ``reader``.
In |prod|, 5 different keystone roles are supported: ``admin``, ``configurator``,
``operator``, ``member``, and ``reader``.
- Users with an ``admin`` role in the ``admin`` project can execute any action in the system.
@@ -19,11 +19,12 @@ In |prod|, 4 different keystone roles are supported: ``admin``, ``configurator``
and can execute operational commands on subclouds (example: manage/unmanage,
backup management).
- The ``member`` operator is currently the same as ``reader`` role, however it may be
used for managing additional capabilities in future.
- Users with a ``reader`` role in the ``admin`` project have read-only access.
They cannot perform any changes in the system but can read any configuration.
In the |CLI|, commands with prefix or suffix, such as, ``list``, ``query``,
``show`` and ``summary`` get the configuration from the system, and are
allowed for this type of user, all other commands are denied.
allowed for this type of user. All other commands are denied.
The following sections describe how to create users with specific keystone
roles in |prod|.