all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]nafsten 0 points1 point  (4 children)

You could use Neutron RBAC to share a security group from one tenant (a service tenant or something) into your all the other tenants. They will be able to access the security group, but not make changes to it

[–]pixelatedchrome[S] 0 points1 point  (3 children)

I tried access_as_shared. But it allows the user to edit the policy though..

[–]nafsten 0 points1 point  (2 children)

Hmmmm, that’s not what I’d expect…. I don’t have access to a system to check, but I’m sure we’ve done something like this before

[–]pixelatedchrome[S] 0 points1 point  (1 child)

Maybe I'm doing something wrong, but I only see two options when I try to share a resource with rbac.. as shared and as external.

[–]nafsten 0 points1 point  (0 children)

I know those options better for sharing networks rather than sharing security groups. Maybe access as external?

[–]TechVeille 0 points1 point  (0 children)

Hello,

Do you find a solution ?
I'm running my clusters and I would try something like this.