I have noticed that the API documentation makes reference to Global Roles and Tenant Roles. e.g.
The link http://developer.openstack.org/api-ref-identity-v2.html#identity-v2-ext has a Get operation on
/v2.0/users/{user_id}/roles
that says 'Lists global roles for a specified user. Excludes tenant roles' when I call this for the admin user using Openstack.net SDK (GetRolesByUser), I can see it makes the call correctly but the response I get back is saying...
{
"error":
{
"message": "User roles not supported: tenant ID required",
"code": 501,
"title": "Not Implemented"
}
}
So what's the difference between tenant roles and global roles. Has this api call been deprecated from openstack or something?
It seems roles are roles, it's just terminology and in the current version you can't assign roles to a user without involving a tenant. See link below for more information.