Bug 1287415
Summary: | [Docs] [Networking] Provide an outline of RBAC control | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Andrew Dahms <adahms> |
Component: | documentation | Assignee: | Martin Lopes <mlopes> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Dan Macpherson <dmacpher> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 8.0 (Liberty) | CC: | mburns, srevivo |
Target Milestone: | ga | Keywords: | Documentation |
Target Release: | 8.0 (Liberty) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | https://blueprints.launchpad.net/neutron/+spec/rbac-networks | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-12-02 03:13:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1266081 | ||
Bug Blocks: |
Description
Andrew Dahms
2015-12-02 03:14:29 UTC
Assigning to Martin for review. Content has been tech reviewed by SME For docs QA, updated URL is here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/networking-guide#sec-rbac All of chapter 12 is in scope for peer review. Hi Martin, Sorry it took so long. This BZ slipped under my radar. Here's a my peer review: > OpenStack Networking now uses a RBAC table to control sharing of neutron networks between tenants Since you can share networks with more than two tenants, it should be "among tenants". > ability for some tenants to create networks, and can instead allow them Unnecessary comma. > Use neutron rbac-delete to delete the RBAC, based on its ID value: Unnecessary comma. > Access to external networks (networks with gateway interfaces attached) can be controlled with RBAC, using the --action access_as_external parameter. Consider using active voice: "You can grant RBAC access to external networks (networks with gateway interfaces attached) using the --action access_as_external parameter." Also an unnecessary comma. > this procedure creates a RBAC for the web-servers network, and grants access to the engineering tenant (c717f263785d4679b16a122516247deb): Unnecessary comma. > As a result, users in the Engineering tenant are able to view the network, or connect instances to it: Unnecessary comma. Cool. Flipping this to VERIFIED. |