Skip to content

OpenStack Projects

In this section, you manage your OpenStack projects, including user permissions. To create multiple OpenStack projects, you require:

  • a) the corresponding permission and
  • b) the quota for multiple OpenStack projects.

Create OpenStack Project

To create an OpenStack project, please proceed as follows:

  • To do this, navigate on the left to OpenStack and then to Manage projects.
  • Now, please click the Create project button.
  • Enter a name and description, and select a suitable quota profile.
  • Complete your entry by clicking Create.

image

Note

If your quota is insufficient for your new project, you can adjust your selected Quota Profile, or request a higher quota.

The OpenStack project is now created and appears in the list. Now, grant the desired users permission for this project.

Manage OpenStack Project User Permissions

For a user to obtain permission for an OpenStack project, you must grant it. This is also a prerequisite for a user to log in to the OpenStack Management Portal (Horizon).

  • To do this, navigate on the left to OpenStack and then to Manage projects.
  • Now, please click the Actions button Manage users on the right side of the row for the desired OpenStack project.

image

  • All users whom you could authorize for this OpenStack project are now listed.
  • Now, please click the Actions button Edit roles on the right side of the row for the desired User.

image

  • Now, select the desired permissions for the user for this OpenStack project (e.g., _member_ and creator) and then confirm with the create button.

For more information on roles, see (Project-Roles).

image

  • Repeat this process for all users whom you wish to authorize for this OpenStack project.
  • The authorized user can now log in to the OpenStack Management Portal.

Note

To allow a user access to multiple OpenStack projects, simply repeat the process above with a different project.

OpenStack Project Roles Legend

Role Description
_member_ Default role that allows access to a Project
member Duplicate of _member_ that is still needed for some API calls
heat_stack_owner Role allowed to create/start Heat Stacks
reader Allowed to read Secrets in Barbican
creator Allowed to create Secrets in Barbican, e.g., for server-side encryption
load_balancer_member Allowed to create load balancers