Hello Team ,
Could you please help me to isolate projects or tenants from each other.
> we have different admin users for each project and we want to isolate the admin user visibility in to other projects and settings.
> i tried to create projects and allocated admin role for user , but this way admin user will be able to see other project settings.
Can you help
Hello Mike,
Seem you are new to Openstack
There is only tow default roles installed after a VIO Deployment.
"_Members_ " This role is for users that want to use the IaaS Platform.
"Admin" = This role is for the Platform admin... so don't use it to give permission to users
The strategy i use is to create group and link the group to a role.
Group can be used to assign access to a project.
If you need to create specific roles, or modify existing ones, you have to edit the Policy.json files for each services (nova, neutron etc...)
Appendix A. The policy.json file - OpenStack Configuration Reference - kilo
Good luck
Ps : I actually don't found the need to create a different role that the default "member" for the users that access the IaaS.
What is you need ?
For VIO we do not recommend manually editing the policy json files. You would be on your own. Support would have you remove those and reproduce issues before investigating.