VMware Cloud Community
Mike_Gray
Enthusiast
Enthusiast

Project Isolation VIO 3.1

Hello Team ,

Could you please help me to isolate projects or tenants from each other.

> we have different admin users for each project and we want to isolate the admin user visibility in to other projects and settings.

> i tried to create projects and allocated admin role for user , but this way admin user will be able to see other project settings.

Can you help

3 Replies
rpellet
VMware Employee
VMware Employee

Please see http://kb.vmware.com/kb/2147534

Admin role is global in scope.

Reply
0 Kudos
ZeMiracle
Enthusiast
Enthusiast

Hello Mike,

Seem you are new to Openstack Smiley Happy

There is only tow default roles installed after a VIO Deployment.

"_Members_ " This role is for users that want to use the IaaS Platform.

"Admin" = This role is for the Platform admin... so don't use it to give permission to users Smiley Wink

The strategy i use is to create group and link the group to a role.

Group can be used to assign access to a project.

If you need to create specific roles, or modify existing ones, you have to edit the Policy.json files for each services (nova, neutron etc...)

Appendix A. The policy.json file - OpenStack Configuration Reference  - kilo

Good luck Smiley Happy

Ps : I actually don't found the need to create a different role that the default "member" for the users that access the IaaS.

What is you need ?

Reply
0 Kudos
rpellet
VMware Employee
VMware Employee

For VIO we do not recommend manually editing the policy json files.  You would be on your own.  Support would have you remove those and reproduce issues before investigating.