Merge "Clarify heat roles in the Installation Guide"
This commit is contained in:
commit
d05f50e6ef
@ -72,11 +72,20 @@
|
|||||||
</note>
|
</note>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
<para>Create the <literal>heat_stack_user</literal> and <literal>heat_stack_owner</literal> roles:</para>
|
<para>Create the <literal>heat_stack_user</literal> and
|
||||||
|
<literal>heat_stack_owner</literal> roles:</para>
|
||||||
<screen><prompt>$</prompt> <userinput>keystone role-create --name heat_stack_user</userinput>
|
<screen><prompt>$</prompt> <userinput>keystone role-create --name heat_stack_user</userinput>
|
||||||
<prompt>$</prompt> <userinput>keystone role-create --name heat_stack_owner</userinput></screen>
|
<prompt>$</prompt> <userinput>keystone role-create --name heat_stack_owner</userinput></screen>
|
||||||
<para>By default, users created by Orchestration use the
|
<para>By default, users created by Orchestration use the
|
||||||
<literal>heat_stack_user</literal> role.</para>
|
<literal>heat_stack_user</literal> role.</para>
|
||||||
|
<para>The <literal>heat_stack_user</literal> role is for users
|
||||||
|
created by heat, and is restricted to specific API actions.
|
||||||
|
The <literal>heat_stack_owner</literal> role is assigned to
|
||||||
|
users who create heat stacks.</para>
|
||||||
|
<warning><para>Because the <literal>heat_stack_owner</literal>
|
||||||
|
role has limited operational access to heat, you must never
|
||||||
|
assign this role to a user with a <literal>heat_stack_user</literal>
|
||||||
|
role.</para></warning>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
<para>Create the <literal>heat</literal> and
|
<para>Create the <literal>heat</literal> and
|
||||||
|
Loading…
Reference in New Issue
Block a user