Modify Cinder admin access user policy

Solution Unverified - Updated -

Issue

  • Cinder policy file does not support user id syntax
  • Can we specify the user_id of the admin account in /etc/cinder/policy.json so that cinder honors this syntax?
  • If policy syntax left as: "context_is_admin": "role:admin" , then any user who is a project admin can view all volumes from any other user, which may not be desirable in all deployments. Would rather use: "context_is_admin": "user_id:ID-OF-ADMIN-ACCOUNT" or similar, that will support specifying the super-admin account only to have access to every volume.

Environment

  • Red Hat Enterprise Linux OpenStack Platform 6.0
  • Red Hat Enterprise Linux OpenStack Platform 5.0
  • Red Hat Enterprise Linux OpenStack Platform 4.0
  • Red Hat Enterprise Linux OpenStack Platform 3.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content