|
144 | 144 | The protocol by which layer-3 IP addresses are resolved into |
145 | 145 | layer-2 link local addresses. |
146 | 146 |
|
| 147 | + admin (Role) |
| 148 | + |
| 149 | + A role that grants highest privileges in an OpenStack deployment. |
| 150 | + In many cases, admin rights can imply broader system access, depending on |
| 151 | + deployment policies. |
| 152 | + |
147 | 153 | admin API |
148 | 154 |
|
149 | 155 | A subset of API calls that are accessible to authorized |
|
2367 | 2373 | Logical groupings of related code, such as the Block Storage |
2368 | 2374 | volume manager or network manager. |
2369 | 2375 |
|
| 2376 | + manager (Role) |
| 2377 | + |
| 2378 | + A role positioned between the admin and member roles, providing |
| 2379 | + limited identity management. It has a narrower scope and purpose, |
| 2380 | + focused on managing identity-related resources. When assigned at the |
| 2381 | + domain scope, the manager role allows users to manage users, |
| 2382 | + projects, groups, and role assignments within an entire domain. |
| 2383 | + |
2370 | 2384 | manifest |
2371 | 2385 |
|
2372 | 2386 | Used to track segments of a large object within Object |
|
2404 | 2418 | Project name for OpenStack Network Information Service. To be |
2405 | 2419 | merged with Networking. |
2406 | 2420 |
|
| 2421 | + member (Role) |
| 2422 | + |
| 2423 | + A role that provides intermediate privileges between the admin and reader |
| 2424 | + roles. The member role offers a way to introduce more granular access |
| 2425 | + control and flexibility across different scopes. |
| 2426 | + |
2407 | 2427 | membership |
2408 | 2428 |
|
2409 | 2429 | The association between an Image service VM image and a project. |
|
3248 | 3268 | One of the VM image disk formats supported by Image service; an |
3249 | 3269 | unstructured disk image. |
3250 | 3270 |
|
| 3271 | + reader (Role) |
| 3272 | + |
| 3273 | + A role that grants read-only access to resources within a specific |
| 3274 | + scope — system, domain, or project. The behavior of the reader role |
| 3275 | + depends on its assigned scope. For example, a system-level reader |
| 3276 | + can view all projects in the deployment, while a domain-level reader |
| 3277 | + can only view projects within their domain. This scope-based distinction |
| 3278 | + affects how APIs behave for different users with the reader role. |
| 3279 | + |
3251 | 3280 | rebalance |
3252 | 3281 |
|
3253 | 3282 | The process of distributing Object Storage partitions across all |
|
3546 | 3575 | service. Provides one or more endpoints through which users can access |
3547 | 3576 | resources and perform operations. |
3548 | 3577 |
|
| 3578 | + service (Role) |
| 3579 | + |
| 3580 | + A role reserved for service-to-service communication. It allows one |
| 3581 | + service to interact with another and be granted only the necessary |
| 3582 | + elevated privileges by the receiving service. The service role was |
| 3583 | + introduced to replace the previous practice of assigning the overly |
| 3584 | + privileged admin role to service users. With this role, |
| 3585 | + service-to-service APIs can now default to using the service role, |
| 3586 | + ensuring more secure and limited access tailored to inter-service needs. |
| 3587 | + |
3549 | 3588 | service catalog |
3550 | 3589 |
|
3551 | 3590 | Alternative term for the Identity service catalog. |
|
0 commit comments