Not authorized to list projects with keystone v3?

Question

I set up keystone v3, and then created a domain dom1, a user adm1 and grant this user to admin role. Authenticate this user with domain scope. Then create a project under dom1. I tried to list projects with the same token that created the project. All I got is "You are not authorized to perform the requested action: identity:list_projects".

If I take out the rule domain_id:%(domain_id)s in policy.v3cloudsample.json for "identity:list_projects", everything works well.

Why cannot I list projects with the rule domain_id:%(domain_id)s? Thanks.

score 1 · Accepted Answer · answered Aug 06 '15 at 08:35

1

According to OpenStack API document, the API URL of listing projects must be filtered with domain ID. So in policy,json, domain_id:%(domain_id)s of identity:list_projects means the domain ID in URL filter must be equal to the domain ID that the token is scoped.

answered Aug 06 '15 at 08:35

talihsu

175
3
13

Hi @talihsu, Were you able to make it work without _(You are not authorized to perform the requested action: identity:list_projects)_ – Bikramjit Singh Oct 05 '15 at 17:02
Hi Bik, without what? Thanks – talihsu Oct 09 '15 at 13:54

Not authorized to list projects with keystone v3?

1 Answers1