Hi all, to put in context the problem, having two different users, a community and a basic user... Current situation - Both basic and community users are registered in the IdM. - Community user has privileges to manage cloud resources using the cloud portal - Basic user has not privileges to manage cloud resources - Community user authorizes the basic user to manage its cloud resources (by giving access to its cloud organization) - The result is that both users have privileges to manage the community user cloud resources using the cloud portal. New situation (after adopting Option 3) As we have two separate users domains, one in the IdM and one for the cloud, we have several options to replicate the current behavior with respecto to cloud resources sharing: 1. Only community users are registered in the cloud domain. To share their resources, a community user has to share its credentials with other users. 2. When a basic user wants to manage cloud resources of a community user, it has to be registered in the cloud domain (by Keystone or node administrators) and then the community user can give the basic user the right permissions. 3. Other ideas??? I hope this helps to start the discussion. BR -- Álvaro > El 28 feb 2017, a las 10:36, Fernando López <fernando.lopez at fiware.org> escribió: > > Dear all, > > Today, we have a very interesting presentation and discussion about User Management with the option 3 and one keystone approach. But we keep some open question mainly regarding the management of different type of users and how to deal with them in the OpenStack vanilla Horizon. We decided not continue the conversation in the TSC due to the extra time of the meeting but continue it by email. > > Just to initialize the conversation, the questions that was launched by Ilknur is the way in which we create with the new approach new users and how to assign roles to the different users in different situations. I mean, with the current solution we can assign users to a specific projects (through IdM) therefore Basic users can work with cloud resources due to a community user assign him to the project. > > The question is, how to resolve those functionalities with the new approach? > > Best regards, > Fernando.- > > -- > −−− > Fernando López > > FIWARE Cloud and Platform Senior Expert > FIWARE Foundation > <Archivo adjunto al mensaje.png> > Franklinstrasse 13A > 10587 Berlin > email: fernando.lopez at fiware.org <mailto:fernando.lopez at fiware.org> > www: http://fiware.org <http://fiware.org/> > twitter: @flopezaguilar @FIWARE > skype: fernandola > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20170306/7c83c353/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy