Differentiate system-wide admins from tenant-specific admins

Registered by Vish Ishaya on 2012-04-05

We are currently using 'admin' to mean multiple things:
1) Can perform adminitstrative commands on the current tenant (i.e. migrate a server)
2) Can list/act on other tenants (i.e. list all instances, delete another tenant's volume)

We should differentiate system-wide admins from tenant-specific admins. This might mean having a special tenant for system admins. It may also mean creating a special concept in keystone of a user that has a role on every tenant in the system. This might be necessary because it may be best to force commands to only work on the current tenant, which would mean a system administrator would have to get a token for the tenant he wishes to administer. Manually adding an administrative user to every tenant in the system would be difficult

Blueprint information

Status:
Complete
Approver:
Vish Ishaya
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
John Garbutt on 2013-11-19

Whiteboard

This is stale, marking as obsolete, if we need these things, less propose them in new blueprints -- johnthetubaguy

WordPress uses the term Super Admin vs admin, might work well here as well.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.