author | Colleen Murphy <colleen.murphy@suse.com> | 2020-02-11 10:59:01 -0800 |
---|---|---|
committer | Colleen Murphy <colleen.murphy@suse.com> | 2020-02-11 10:59:01 -0800 |
commit | 2e97ec5770e0f042c9710f9535ff228740e7ed70 (patch) | |
tree | 8ee3eb1ea034ba02c314afde74985762c1b4042b /doc | |
parent | 37aee24a01f6dcb636b06facd718ef7b628576cb (diff) | |
download | keystone-2e97ec5770e0f042c9710f9535ff228740e7ed70.tar.gz |
Add docs about bootstrapping immutable roles
Add a note to the ``keystone-manage bootstrap`` documentation about the
behavior of immutable roles.
Change-Id: I1cdbdc8668ed4312660ec269c40e1259517b327c
Depends-on: https://review.opendev.org/705859
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/admin/bootstrap.rst | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/source/admin/bootstrap.rst b/doc/source/admin/bootstrap.rst index 8b9fc92af..51142b370 100644 --- a/doc/source/admin/bootstrap.rst +++ b/doc/source/admin/bootstrap.rst @@ -80,7 +80,10 @@ overrides to perform additional identity operations. This command will also create ``member`` and ``reader`` roles. The ``admin`` role implies the ``member`` role and ``member`` role implies the ``reader`` -role. +role. By default, these three roles are immutable, meaning they are created with +the ``immutable`` resource option and cannot be modified or deleted unless the +option is removed. To disable this behavior, add the ``--no-immutable-roles`` +flag. By creating an ``admin`` user and an identity endpoint you may authenticate to keystone and perform identity operations like creating |
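Review bot: The added sentence "cannot be modified or deleted unless the option is removed" does not tell the operator how to remove the ``immutable`` resource option or where resource options are documented; add a cross-reference or a one-line pointer at that spot. The closing sentence, "To disable this behavior, add the ``--no-immutable-roles`` flag", is also ambiguous about scope: state that the flag is passed to ``keystone-manage bootstrap``, and say what happens when bootstrap is run against a deployment where the ``admin``, ``member`` and ``reader`` roles already exist, both with and without the flag. As written, a reader cannot tell whether the flag only skips setting the option on newly created roles or also clears it from roles that already carry it.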