Bug 1323208

Summary: [RFE] Documentation on utilizing Role Base Access Control for Active Directory users for managing Multi-tenancy
Product: Red Hat OpenStack Reporter: Sachin <sacpatil>
Component: documentationAssignee: RHOS Documentation Team <rhos-docs>
Status: CLOSED WONTFIX QA Contact: RHOS Documentation Team <rhos-docs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: ayoung, josorior, mlopes, pmukhedk, srevivo
Target Milestone: ---Keywords: Documentation, FutureFeature, Reopened
Target Release: 8.0 (Liberty)Flags: sacpatil: internal-review+
sacpatil: needinfo+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-19 17:10:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Sachin 2016-04-01 14:24:47 UTC 
Description of problem:

One of our customer wants to configure RBAC for Active-Directory users accessing OpenStack dashboard to manage resources like instance & template creation, and multi-tenancy access etc. I have already provided following links:

1. https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/7/users-and-identity-management-guide/chapter-1-user-and-role-management

2. https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/7/users-and-identity-management-guide/chapter-3-identity-management#active-directory-integration

But seems like they want exclusive documentation on RBAC + AD + Multi-tenancy.



Version-Release number of selected component (if applicable):



How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Martin Lopes 2016-04-07 04:58:40 UTC 
Reviewing...
Comment 3 Sachin 2016-04-07 04:59:26 UTC 
Customer also posted a use case which is simple hierarchical multi-tenancy:

"After creating a new project and allocating some amount of resources, we should be able to create a hierarchy of users like Project Manager (PM) having complete view of the project usage, then PM should be able to allocate resources to different sub-teams (like Dev, QA, Prod, etc), each sub-team leads having access to their allocated resources and able to manage the resources at their level with approval from the PM. All the users will be AD authenticated ones."
Comment 4 Sachin 2016-04-07 10:53:23 UTC 
As the customer need assistance on implementation, I have redirected him to the consulting team.I think the document will be too specific to customer needs. 

If documentation team still wants to work on this, feel free to re-open this RFE.
Comment 6 Martin Lopes 2016-04-08 01:51:19 UTC 
Re-opening RFE to document this use case, once this has been implemented:

https://bugs.launchpad.net/keystone/+bug/1567446