More lock-downs in heat, aodh, glance and neutron...

author: Vincent S. Cojot <vcojot@redhat.com> 2017-04-18 11:39:45 -0400
committer: Vincent S. Cojot <vcojot@redhat.com> 2017-04-18 11:39:45 -0400
commit: 4582eb6f72c3c2eebe156e667143e4204f22bbe6 (patch)
tree: 7ea8634da97721c4d442e0e3040af856f9852e57 /etc/neutron
parent: 5920ca013bc91e28f02bd4ab8be88a724ead37ed (diff)
download: openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.gz
openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.xz
openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/neutron/policy.json b/etc/neutron/policy.json
index ccdb827..75b5a1f 100644
--- a/etc/neutron/policy.json
+++ b/etc/neutron/policy.json
@@ -64,10 +64,10 @@
     "update_network:router:external": "rule:admin_only",
     "delete_network": "rule:admin_or_owner and rule:deny_readonly",
 
-    "create_segment": "rule:admin_only",
+    "create_segment": "rule:admin_only and rule:deny_readonly",
     "get_segment": "rule:admin_only",
-    "update_segment": "rule:admin_only",
-    "delete_segment": "rule:admin_only",
+    "update_segment": "rule:admin_only and rule:deny_readonly",
+    "delete_segment": "rule:admin_only and rule:deny_readonly",
 
     "network_device": "field:port:device_owner=~^network:",
     "create_port": "rule:deny_readonly",
author	Vincent S. Cojot <vcojot@redhat.com>	2017-04-18 11:39:45 -0400
committer	Vincent S. Cojot <vcojot@redhat.com>	2017-04-18 11:39:45 -0400
commit	4582eb6f72c3c2eebe156e667143e4204f22bbe6 (patch)
tree	7ea8634da97721c4d442e0e3040af856f9852e57 /etc/neutron
parent	5920ca013bc91e28f02bd4ab8be88a724ead37ed (diff)
download	openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.gz openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.xz openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.zip