openstack/python-openstackclient
Code Issues Proposed changes
5bdcd590ec
python-openstackclient/releasenotes/notes/add-implied-role-0cdafb131fbd7453.yaml
Harry Rybacki 8cd3e258c5 Implied Roles 
Allow the user to create an inference rule between
two roles. The first, called the prior role
is the role explicitly assigned to an individual.
The second, called the implied role, is one that
the user gets implicitly. For example:

Role B implies Role A.
User X is assigned Role B.
Therefore User X also assigned Role A.

The management and maintenance of the rules is
performed in the Keystone server.

Change-Id: If547c2f16e812bc7fffd742ec37e6a26011f3185
2017-08-22 17:08:30 +00:00

17 lines
887 B
YAML
Raw Blame History

---
features:
- |
Support for creating, deleting, and listing implied roles has been added.
This allows users to create an inference rule between two roles. The
first, called the prior role is the role explicitly assigned to an
individual. The second, called the implied role, is one that the user
is assgined implicitly. Additionally, these rules can be chained, such
that an implied role from the first inference rule can be the implied role
in the second. Thus one explicitly assigned role can lead to multiple
implied roles.
``implied role create <role> --implied-role <implied-role>`` creates an
association between prior and implied roles.
``implied role delete <role> --implied-role <implied-role>`` removes an
association between prior and implied roles.
``implied role list`` Lists all implied roles that currently exist.
View Git Blame Copy Permalink