summaryrefslogtreecommitdiffstats
path: root/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml
blob: 065fd54132c799bd136be1a55d717242922f935f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
---
features:
  - >
   [`blueprint implied-roles <https://blueprints.launchpad.net/keystone/+spec/implied-roles>`_]
   Keystone now supports creating implied roles. Role inference rules can now
   be added to indicate when the assignment of one role implies the assignment
   of another. The rules are of the form `prior_role` implies
   `implied_role`. At token generation time, user/group assignments of roles
   that have implied roles will be expanded to also include such roles in the
   token. The expansion of implied roles is controlled by the
   `prohibited_implied_role` option in the `[assignment]`
   section of `keystone.conf`.