An openstack project space is simply a context for allocating resource and enforcing quotas. By default, each cloud.rc user is assigned their own project space with a "starter" quota. This project has the same name as as their login id. They can use this project to deploy their own instances. They are also the only user that is a member of this project.

It may be desirable for multiple people to collaborate in the operation of cloud instances. There are multiple approaches to accomplish this:

A simple option that works with the default configuration above, is simply to add the desired co-sysadmin's public ssh key to an instance. This makes is possible for additional users to participate in instance operations. Care should be taken to avoid multiple sysadmins from making changes to the instances. As always, you need to trust your sysadmins.

In this scenario, instances remain running in the default project space where they launched the instance. The user is the only person who can grant access to this project. The cloud.rc web-UI restricts access only to members explicitly added to the project (i.e. the user alone). However, the user can create application credentials to grant access to other applications via the OpenStack API. Again, this should only done with trusted sysadmins. Anyone granted control over the project space can delete instances or other resources. Just like in real life, you should only give room keys to people you trust not to throw your computer in the trash.

A more sophisticated project configuration is possible by adding multiple users to a project. This configuration is desirable if there are multiple people sharing operational responsibilities for shared resources, e.g. a lab with multiple instances. In this case, a project can be created for the lab and multiple users added to the lab. All the same cautions for the simple solution above apply. Anyone with access to the shared lab space can delete instances and other resources. Users in this configuration will be able to access the shared project in the cloud.rc web-UI or grant other applications through the creation of application credentials. Again, it is important that you trust your sysadmins.

It is possible to move from the simple default project configuration with one user to the more sophisticated multi-user project. This requesting the creation of a named, shared project space and identify the user who should have administrative access to this project. Users can then move their own cloud instances into this share project space through normal cloud operations. An outline of this project is:

• save your instance as image
• share the image with the shared project
• accept the image into shared project
• launch an instance of the image in the shared project space
• similar steps are followed for moving data volumes between projects

The cloud.rc documentation needs to be extended to describe these operations.

There are many helpful resources online:
https://www.cac.cornell.edu/wiki/index.php?title=Share_An_Image_In_Openstack
https://docs.ukcloud.com/articles/openstack/ostack-how-move-resources.html