Group naming

1. Infrastructure

1.1 Generic hierarchy

1.2 Generic roles

*.sysadmin login and unrestricted root privileges
*.staff login and limited privileges (sudo service, accessing logs)
*.community login

1.3 Specific roles

*.admin login and unrestricted root privileges
*.users login and limited privileges (sudo apt, sudo service, accessing logs, trigger deployments)

1.4 Examples

2. Permissions

2.1 Generic hierarchy

2.2 Examples

2.3 Specific roles

*.access can use application or service
*.read can read anything within the Ceph share
*.write can read, write and delete anything within the Ceph share
*.users can manage all ressources within the OpenStack project

3. other

  • there are no special cases or legacy issues to be aware of.