)]}'
{"doc/source/admin/service-api-protection.rst":[{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"4bcecd3094cf01ca8f8aebb2765647af2acf5451","unresolved":false,"context_lines":[{"line_number":86,"context_line":"the system carries separate authorization and are not transitive. For example,"},{"line_number":87,"context_line":"users with ``admin`` on the system should be able to manage every aspect of the"},{"line_number":88,"context_line":"deployment because they\u0027re operators. Users with ``admin`` on a project"},{"line_number":89,"context_line":"shouldn\u0027t be able to manage things outside the project because it would violate"},{"line_number":90,"context_line":"the tenancy of their role assignment."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":".. note::"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_fb1430a2","line":89,"range":{"start_line":89,"start_character":0,"end_line":89,"end_character":9},"updated":"2019-10-09 17:50:10.000000000","message":"Should we add the caveat that this doesn\u0027t apply universally to all services yet?","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"47ea0290515eb12b05017b4d72fcd2af9bf7b1fc","unresolved":false,"context_lines":[{"line_number":86,"context_line":"the system carries separate authorization and are not transitive. For example,"},{"line_number":87,"context_line":"users with ``admin`` on the system should be able to manage every aspect of the"},{"line_number":88,"context_line":"deployment because they\u0027re operators. Users with ``admin`` on a project"},{"line_number":89,"context_line":"shouldn\u0027t be able to manage things outside the project because it would violate"},{"line_number":90,"context_line":"the tenancy of their role assignment."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":".. note::"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_1b202cac","line":89,"range":{"start_line":89,"start_character":0,"end_line":89,"end_character":9},"in_reply_to":"3fa7e38b_fb1430a2","updated":"2019-10-09 18:00:34.000000000","message":"Done","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"4bcecd3094cf01ca8f8aebb2765647af2acf5451","unresolved":false,"context_lines":[{"line_number":123,"context_line":"System Members \u0026 System Readers"},{"line_number":124,"context_line":"-------------------------------"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"*System members* and *system readers* are very similar and have the same"},{"line_number":127,"context_line":"authorization. Users with these roles on the system can view all resources"},{"line_number":128,"context_line":"within keystone. They can audit role assignments, users, projects, and group"},{"line_number":129,"context_line":"memberships, among other resources."},{"line_number":130,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_bb0a3876","line":127,"range":{"start_line":126,"start_character":59,"end_line":127,"end_character":13},"updated":"2019-10-09 17:50:10.000000000","message":"in keystone","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"47ea0290515eb12b05017b4d72fcd2af9bf7b1fc","unresolved":false,"context_lines":[{"line_number":123,"context_line":"System Members \u0026 System Readers"},{"line_number":124,"context_line":"-------------------------------"},{"line_number":125,"context_line":""},{"line_number":126,"context_line":"*System members* and *system readers* are very similar and have the same"},{"line_number":127,"context_line":"authorization. Users with these roles on the system can view all resources"},{"line_number":128,"context_line":"within keystone. They can audit role assignments, users, projects, and group"},{"line_number":129,"context_line":"memberships, among other resources."},{"line_number":130,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_bbb47883","line":127,"range":{"start_line":126,"start_character":59,"end_line":127,"end_character":13},"in_reply_to":"3fa7e38b_bb0a3876","updated":"2019-10-09 18:00:34.000000000","message":"Done","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"4bcecd3094cf01ca8f8aebb2765647af2acf5451","unresolved":false,"context_lines":[{"line_number":134,"context_line":""},{"line_number":135,"context_line":".. code-block:: console"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    $ openstack role assignment list --names --system all --role member"},{"line_number":138,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"},{"line_number":139,"context_line":"    | Role   | User                   | Group                   | Project | Domain | System | Inherited |"},{"line_number":140,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_bb7f98dd","line":137,"range":{"start_line":137,"start_character":65,"end_line":137,"end_character":71},"updated":"2019-10-09 17:50:10.000000000","message":"also --role reader ?","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"change_message_id":"2e333799a5cd9d88ed31c582f718439f4dc60c63","unresolved":false,"context_lines":[{"line_number":134,"context_line":""},{"line_number":135,"context_line":".. code-block:: console"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    $ openstack role assignment list --names --system all --role member"},{"line_number":138,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"},{"line_number":139,"context_line":"    | Role   | User                   | Group                   | Project | Domain | System | Inherited |"},{"line_number":140,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_9e108a50","line":137,"range":{"start_line":137,"start_character":65,"end_line":137,"end_character":71},"in_reply_to":"3fa7e38b_5b8c64d6","updated":"2019-10-09 18:02:35.000000000","message":"Oh, right.\n\nI think yes? Otherwise we\u0027re never going to remember to fix the example when the bug is fixed.","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"07b19754ddd22f84ddb281d0d5c830b4e8d3e9e2","unresolved":false,"context_lines":[{"line_number":134,"context_line":""},{"line_number":135,"context_line":".. code-block:: console"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    $ openstack role assignment list --names --system all --role member"},{"line_number":138,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"},{"line_number":139,"context_line":"    | Role   | User                   | Group                   | Project | Domain | System | Inherited |"},{"line_number":140,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_5ee0d226","line":137,"range":{"start_line":137,"start_character":65,"end_line":137,"end_character":71},"in_reply_to":"3fa7e38b_9e108a50","updated":"2019-10-09 18:16:00.000000000","message":"Done","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"47ea0290515eb12b05017b4d72fcd2af9bf7b1fc","unresolved":false,"context_lines":[{"line_number":134,"context_line":""},{"line_number":135,"context_line":".. code-block:: console"},{"line_number":136,"context_line":""},{"line_number":137,"context_line":"    $ openstack role assignment list --names --system all --role member"},{"line_number":138,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"},{"line_number":139,"context_line":"    | Role   | User                   | Group                   | Project | Domain | System | Inherited |"},{"line_number":140,"context_line":"    +--------+------------------------+-------------------------+---------+--------+--------+-----------+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fa7e38b_5b8c64d6","line":137,"range":{"start_line":137,"start_character":65,"end_line":137,"end_character":71},"in_reply_to":"3fa7e38b_bb7f98dd","updated":"2019-10-09 18:00:34.000000000","message":"Yeah - this filtering is broken today\n\nYou want me to update the example so it doesn\u0027t appear broken?","commit_id":"84901fc74f0001df08902496136f68a06f9af8e9"}]}