nova-manage user create tom
nova-project add project2 tom
at this stage no roles added:
my understanding is that a euca-describe-images should just show images in project?
the new user can see all images, all instances in all projects, can start an instance from any image even if marked private, can allocate themselves an address
and can then assign that to any other user instances!
After the above I gave tom the sysadmin role (global and then in the project). Makes no difference to what they can and cant do.
Is this normal behaviour?
FEPS IT, Service Delivery Team Leader