Bug 1042326

Summary: [RFE][ceilometer]: support admin-only api access
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/ceilometer/+spec/admin-only-api-access
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_superseded
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:29:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 21:45:39 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/ceilometer/+spec/admin-only-api-access.

Description:

the current acl conditions for ceilometer api are as follows:  admins can query for any resource, regular users can only query for resources owned by the tenant they belong to.

as ceilometer collects more and more different types of data... some of the data collected may be 'privileged' data that only admins should have access to regardless of membership to a tenant (ie. audit data should only be visible to admins).  we need to support this somehow.

Specification URL (additional information):

None