openstackkeystoneopenstacknetsdk

Difference between Global Role and Tenant Role in Openstack


I have noticed that the API documentation makes reference to Global Roles and Tenant Roles. e.g.

The link http://developer.openstack.org/api-ref-identity-v2.html#identity-v2-ext has a Get operation on

/v2.0/users/​{user_id}​/roles

that says 'Lists global roles for a specified user. Excludes tenant roles' when I call this for the admin user using Openstack.net SDK (GetRolesByUser), I can see it makes the call correctly but the response I get back is saying...

{
  "error":
    {
       "message": "User roles not supported: tenant ID required",
       "code": 501,
       "title": "Not Implemented"
    }
}

So what's the difference between tenant roles and global roles. Has this api call been deprecated from openstack or something?


Solution

  • It seems roles are roles, it's just terminology and in the current version you can't assign roles to a user without involving a tenant. See link below for more information.

    https://ask.openstack.org/en/question/33488/api-request-returns-user-roles-not-supported-tenant-id-required/