Bug 1657504

Summary: HBAC and sudo for OSP infrastructure via Red Hat IdM
Product: Red Hat OpenStack
Reporter: Harry Rybacki <hrybacki>
Component: Security
Assignee: Harry Rybacki <hrybacki>
Status: CLOSED WONTFIX
QA Contact: Jeremy Agee <jagee>
Severity: urgent
Priority: medium
Version: 16.0 (Train)
CC: jjoyce, jpadman, lhh, mburns, slong
Keywords: FutureFeature, Triaged
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2022-07-11 20:27:13 UTC
Type: Bug
Bug Blocks: 1418508, 1433706, 1557829, 1585219    

Description Harry Rybacki 2018-12-09 16:39:29 UTC
Description of problem:

In our quest to meet compliance requirements for OpenStack infrastructure, we are proposing to use Red Hat IdM to solve for security operator profile use cases. The requirement is one in which we need granular controls of access (AuthN) and authorization (AuthZ) for OSP operators. 

For example, organizations have specified groupings, e.g., red, yellow, and green accounts, to denote security profiles with certain capabilities and restrictions. This approach leverages existing IdM capabilities to accelerate meeting requirements defined by various risk management frameworks.