diff options
author | Sean Pryor <spryor@redhat.com> | 2017-06-05 15:35:25 -0400 |
---|---|---|
committer | Sean Pryor <spryor@redhat.com> | 2017-06-05 15:35:25 -0400 |
commit | ab91ff350034a186fe7f1400c2ffece96efaeacf (patch) | |
tree | bb078096a7fd7f78b76028e2d037034a0e88780d /etc/manila/policy.json | |
parent | 8da390dc08f48fbfaf3d35c0576d65b5085a0b8c (diff) | |
download | openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.tar.gz openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.tar.xz openstack-access-policy-ab91ff350034a186fe7f1400c2ffece96efaeacf.zip |
Created branch 'original' with unmodified policies
Change-Id: Ia0b0ae2786caabf70b16020bfdfe26c4b02fa0ea
Diffstat (limited to 'etc/manila/policy.json')
-rw-r--r-- | etc/manila/policy.json | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/etc/manila/policy.json b/etc/manila/policy.json index f2002ff..d8188f6 100644 --- a/etc/manila/policy.json +++ b/etc/manila/policy.json @@ -1,8 +1,7 @@ { - "deny_readonly": "not role:readonly", - "context_is_admin": "role:admin and rule:deny_readonly", + "context_is_admin": "role:admin", "admin_or_owner": "is_admin:True or project_id:%(project_id)s", - "default": "rule:admin_or_owner and rule:deny_readonly", + "default": "rule:admin_or_owner", "admin_api": "is_admin:True", @@ -18,7 +17,7 @@ "service:index": "rule:admin_api", "service:update": "rule:admin_api", - "share:create": "rule:deny_readonly", + "share:create": "", "share:delete": "rule:default", "share:get": "rule:default", "share:get_all": "rule:default", @@ -72,9 +71,9 @@ "share_type:default": "rule:default", "share_type:create": "rule:admin_api", "share_type:delete": "rule:admin_api", - "share_type:add_project_access": "rule:admin_api and rule:deny_readonly", + "share_type:add_project_access": "rule:admin_api", "share_type:list_project_access": "rule:admin_api", - "share_type:remove_project_access": "rule:admin_api and rule:deny_readonly", + "share_type:remove_project_access": "rule:admin_api", "share_types_extra_spec:create": "rule:admin_api", "share_types_extra_spec:update": "rule:admin_api", @@ -102,7 +101,7 @@ "share_network:detail": "rule:default", "share_network:show": "rule:default", "share_network:add_security_service": "rule:default", - "share_network:remove_security_service": "rule:default and rule:deny_readonly", + "share_network:remove_security_service": "rule:default", "share_network:get_all_share_networks": "rule:admin_api", "scheduler_stats:pools:index": "rule:admin_api", |