Clarify group-mapping example in docs

The mapping example adds mapped users to a group, so it is misleading to
say that it grants them a role directly, which is the purview of
autoprovisioning. This patch clarifies that, and also updates the role
name to be `reader` which is the new default read-only role.

Followup to https://review.openstack.org/605496

Change-Id: I669df0800275c49ed1ec2c3934301313fb7c4dca
Colleen Murphy 2018-10-04 16:15:34 +02:00
parent b79f1a9067
commit 39a1f71c53
1 changed files with 4 additions and 3 deletions

@ -434,9 +434,10 @@ user group has already received in keystone:
This example can be expanded by adding a second rule that conveys
additional authorization to only a subset of federated users. Federated users
with a `title` attribute that matches either ``Manager`` or
``Supervisor`` are granted the hypothetical ``observer`` role, which would
allow them to perform any read-only API call in the cloud:
with a `title` attribute that matches either ``Manager`` or ``Supervisor`` are
admitted to the ``observers`` group which is granted the ``reader`` role on some
project, which would allow the group members to perform any read-only API call
in the project:
.. code:: javascript
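
Review bot: In the added sentence, "admitted to the ``observers`` group which is granted the ``reader`` role on some project" does not say who creates that role assignment or when. The mapping only places users in the group, so state explicitly that the ``observers`` group and its ``reader`` assignment on the project must already exist in keystone; otherwise a reader may assume the mapping rule itself creates the grant. The sentence also chains two "which" clauses and would read better split in two, for example ending the first at "on some project." and starting the second with "This allows the group members to ...". As a style point, `title` keeps single backticks while ``Manager``, ``Supervisor``, ``observers`` and ``reader`` use double backticks; use ``title`` so all literals render consistently.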