Page MenuHomePhabricator
Create Task
Maniphest T28595

Add users to sysadmin role after they are added to a project
Closed, InvalidPublic
Actions

Description

Adding a user to a project is not enough to allow them to create instances. Users must also be in a "sysadmin" role as well.

Project roles are created underneath projects. So, if a project exists named "tesla", the project/role should look like this:

cn=tesla,<projectbasedn>

cn=sysadmin,cn=tesla,<projectbasedn>

Also, as of right now, Nova requires that users be in the global sysadmin group, and the project group to create instances; see bug:

https://bugs.launchpad.net/nova/+bug/697936

So, for now at least, we'll also need to add users to this group when they are created.

Also, if we are adding users to these roles, when we remove users from projects, they should also be removed from the roles as well.

When the listed Nova bug is fixed, we'll need to stop using the global group (this should preferably be a configuration option), and we'll need to remove all users from the group.

Version: unspecified
Severity: enhancement

Details

Reference
bz26595

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:13 PM
bzimport added a project: MediaWiki-extensions-OpenStackManager.
bzimport set Reference to bz26595.
RyanLane created this task.Jan 6 2011, 1:30 AM
RyanLane added a comment.Jan 6 2011, 1:32 AM

The best solution for this is to create the role (and any other possible roles we may want) at the same time the project is created.

RyanLane added a comment.Jan 11 2011, 10:42 PM

Roles should be manually assigned.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL