Created question in FIWARE Q/A platform on 21-09-2016 at 14:09
Please, ANSWER this question AT http://stackoverflow.com/questions/39617005/keystone-create-user-and-permissions-by-api

Question:
Keystone create user and permissions by api

Description:
I have an instance of Keyrock in fiware lab.

in my app, im trying to create user with api as Fiware keystone api create user and access with horizon.

now i check user:

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:5000/v3/users/admin | python -mjson.tool

response:

> {
> "user": {
> "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
> "description": "admin",
> "domain_id": "default",
> "email": "admin@gmail.com",
> "enabled": true,
> "id": "admin",
> "links":

,
> "name": "admin@gmail.com",
> "username": "admin"
> } }

now name field is correct, but i cant log with this user in my Horizon. If i check the keystone.log, i can see this:

2016-09-21 12:28:50.353 1483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1
2016-09-21 12:28:50.445 1482 WARNING keystone.auth.controllers [-] User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e. The token will be unscoped rather than scoped to the project.
2016-09-21 12:28:50.767 1481 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2016-09-21 12:29:42.900 1483 WARNING keystone.common.controller [-] RBAC: Bypassing authorization

and in Horizon:

Of course, the log explains problem: "User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e" But, how can i set permissions to this user in project?