Diffstat (limited to 'keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml')
-rw-r--r-- keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml | 12
1 files changed, 12 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml b/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml
new file mode 100644
index 00000000..065fd541
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml
@@ -0,0 +1,12 @@
+---
+features:
+ - >
+ [`blueprint implied-roles <https://blueprints.launchpad.net/keystone/+spec/implied-roles>`_]
+ Keystone now supports creating implied roles. Role inference rules can now
+ be added to indicate when the assignment of one role implies the assignment
+ of another. The rules are of the form `prior_role` implies
+ `implied_role`. At token generation time, user/group assignments of roles
+ that have implied roles will be expanded to also include such roles in the
+ token. The expansion of implied roles is controlled by the
+ `prohibited_implied_role` option in the `[assignment]`
+ section of `keystone.conf`.
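Review bot: the closing sentence (the `prohibited_implied_role` lines) says expansion is "controlled by" the option but never says what the option does, so an operator reading this note cannot tell whether it lists roles that may never be implied, switches expansion off, or something else. Because implied roles widen the set of roles placed in a token, the note should state the option's meaning and its default value, and say which side of a `prior_role` implies `implied_role` rule it restricts. Separately, the body is RST (see the blueprint link syntax on the first line), where single backticks are interpreted text rather than inline literals; use double backticks around `prior_role`, `implied_role`, `prohibited_implied_role`, `[assignment]` and `keystone.conf`.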