Jamie Hannaford | ede3671 | 2014-10-30 13:43:42 +0100 | [diff] [blame] | 1 | // Package roles provides functionality to interact with and control roles on |
| 2 | // the API. |
| 3 | // |
| 4 | // A role represents a personality that a user can assume when performing a |
| 5 | // specific set of operations. If a role includes a set of rights and |
| 6 | // privileges, a user assuming that role inherits those rights and privileges. |
| 7 | // |
| 8 | // When a token is generated, the list of roles that user can assume is returned |
| 9 | // back to them. Services that are being called by that user determine how they |
| 10 | // interpret the set of roles a user has and to which operations or resources |
| 11 | // each role grants access. |
| 12 | // |
| 13 | // It is up to individual services such as Compute or Image to assign meaning |
| 14 | // to these roles. As far as the Identity service is concerned, a role is an |
| 15 | // arbitrary name assigned by the user. |
| 16 | package roles |