Node Multi-Tenancy

Node Multi-Tenancy¶

This guide explains the steps needed to enable node multi-tenancy. This feature enables non-admins to perform API actions on nodes, limited by policy configuration. The Bare Metal service supports two kinds of non-admin users:

Owner: owns specific nodes and performs administrative actions on them
Lessee: receives temporary and limited access to a node

Setting the Owner and Lessee¶

Non-administrative access to a node is controlled through a node’s owner or lessee attribute:

baremetal node set --owner 080925ee2f464a2c9dce91ee6ea354e2  node-7
baremetal node set --lessee 2a210e5ff114c8f2b6e994218f51a904  node-10

Ironic’s API automatically grants visibility and access to these nodes when a user request comes in with a “project” scope, i.e. credentials which indicate the user is in a user within a project.

In older versions of Ironic, this functionality had to be manually configured and then set via custom policies, but now it is automatically available in modern versions of Ironic.

this page last updated: 2025-09-26 11:10:46

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.