Roles

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Roles

J.O'Loughlin@surrey.ac.uk
Hi All,

I'm running trunk on 10.10

I've just created a user and added to a project:

nova-manage user create tom
nova-project add project2 tom

at this stage no roles added:

my understanding is that a euca-describe-images should just show images in project?
the new user can see all images, all instances in all projects, can start an instance from any image even if marked private, can allocate themselves an address
and can then assign that to any other user instances!

After the above I gave tom the sysadmin role (global and then in the project). Makes no difference to what they can and cant do.

Is this normal behaviour?

Regards

John O'Loughlin
FEPS IT, Service Delivery Team Leader