Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added more granular permissions per Subbu

...

Among the two OOB user roles in OpenStack , admin and member, member member – member permissions are sufficient to perform all function in Workload Manager and Cost Optimizer.  In addition, more gradual permission can be set in the configuration files of the appropriate OpenStack components per the following table.

OpenStack ModuleMinimum permissions needed by Workload ManagerMinimum permissions needed by Cost Optimizer
Compute
Code Block
compute:get
compute:get_all
compute:get_all_tenants
compute:get_instance_metadata
compute:get_all_instance_metadata
compute:get_all_instance_system_metadata

compute:create
compute:start
compute:stop
compute:reboot
compute:delete
compute:resize
compute:attach_volume
compute:detach_volume

compute_extension:keypairs:create
compute_extension:keypairs:delete

compute:security_groups:add_to_instance
compute:security_groups:remove_from_instance
Code Block
compute:get
compute:get_all
compute:get_all_tenants
compute:get_instance_metadata
compute:get_all_instance_metadata
compute:get_all_instance_system_metadata
Network
Code Block
get_network
get_subnet
network:get_all
Code Block
get_network
get_subnet
network:get_all
Block Storage
Code Block
volume:get
volume:get_all
 
volume:create
volume:delete
Code Block
volume:get
volume:get_all
Identity
Code Block
identity:list_user_projects
identity:get_user
identity:list_users
identity:list_projects
Code Block
identity:list_user_projects
identity:get_user
identity:list_users
identity:list_projects
Image
Code Block
get_image
get_images

delete_image
download_image
add_image
add_member
delete_member
Code Block
get_image
get_images

Configuration Process

To add an OpenStack cloud account, follow this procedure.

...

Terms & Conditions Privacy Statement Cookies Trademarks