Link to the Keystone role documentation
The oslo.policy docs on writing custom policy checks use things like the admin role without explaining where it comes from. This change adds a link to the Keystone docs that explain which roles are created by default and what they provide access to. Change-Id: I70c01ad88344edd2db384da8b24ba0238764a8ec
This commit is contained in:
parent
e49b2ae612
commit
30f5df1b8c
|
@ -76,6 +76,10 @@ administrators can create new users in the Identity database:
|
|||
|
||||
"identity:create_user" : "role:admin"
|
||||
|
||||
.. note:: ``admin`` is a built-in default role in Keystone. For more
|
||||
details and other roles that may be available, see the
|
||||
`Keystone documentation on default roles. <https://docs.openstack.org/keystone/latest/admin/service-api-protection.html>`_
|
||||
|
||||
You can limit APIs to any role. For example, the Orchestration service
|
||||
defines a role named ``heat_stack_user``. Whoever has this role is not
|
||||
allowed to create stacks:
|
||||
|
|
|
@ -71,6 +71,10 @@ administrators can create new users in the Identity database:
|
|||
|
||||
"identity:create_user" : "role:admin"
|
||||
|
||||
.. note:: ``admin`` is a built-in default role in Keystone. For more
|
||||
details and other roles that may be available, see the
|
||||
`Keystone documentation on default roles. <https://docs.openstack.org/keystone/latest/admin/service-api-protection.html>`_
|
||||
|
||||
You can limit APIs to any role. For example, the Orchestration service
|
||||
defines a role named ``heat_stack_user``. Whoever has this role is not
|
||||
allowed to create stacks:
|
||||
|
|
Loading…
Reference in New Issue