Atom feed of this document
  
 

 Tenants, users, and roles

The Compute system is designed to be used by different consumers in the form of tenants on a shared system, and role-based access assignments. Roles control the actions that a user is allowed to perform.

Tenants are isolated resource containers that form the principal organizational structure within the Compute service. They consist of an individual VLAN, and volumes, instances, images, keys, and users. A user can specify the tenant by appending :project_id to their access key. If no tenant is specified in the API request, Compute attempts to use a tenant with the same ID as the user.

For tenants, you can use quota controls to limit the:

  • Number of volumes that may be launched.

  • Number of processor cores and the amount of RAM that can be allocated.

  • Floating IP addresses assigned to any instance when it launches. This allows instances to have the same publicly accessible IP addresses.

  • Fixed IP addresses assigned to the same instance when it launches. This allows instances to have the same publicly or privately accessible IP addresses.

Roles control the actions a user is allowed to perform. By default, most actions do not require a particular role, but you can configure them by editing the policy.json file for user roles. For example, a rule can be defined so that a user must have the admin role in order to be able to allocate a public IP address.

A tenant limits users' access to particular images. Each user is assigned a username and password. Keypairs granting access to an instance are enabled for each user, but quotas are set, so that each tenant can control resource consumption across available hardware resources.

[Note]Note

Earlier versions of OpenStack used the term project instead of tenant. Because of this legacy terminology, some command-line tools use --project_id where you would normally expect to enter a tenant ID.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...