diff options
author | Vincent S. Cojot <vcojot@redhat.com> | 2017-04-18 11:39:45 -0400 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-04-18 11:39:45 -0400 |
commit | 4582eb6f72c3c2eebe156e667143e4204f22bbe6 (patch) | |
tree | 7ea8634da97721c4d442e0e3040af856f9852e57 /etc/neutron | |
parent | 5920ca013bc91e28f02bd4ab8be88a724ead37ed (diff) | |
download | openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.gz openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.tar.xz openstack-access-policy-4582eb6f72c3c2eebe156e667143e4204f22bbe6.zip |
More lock-downs in heat, aodh, glance and neutron...
Diffstat (limited to 'etc/neutron')
-rw-r--r-- | etc/neutron/policy.json | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/neutron/policy.json b/etc/neutron/policy.json index ccdb827..75b5a1f 100644 --- a/etc/neutron/policy.json +++ b/etc/neutron/policy.json @@ -64,10 +64,10 @@ "update_network:router:external": "rule:admin_only", "delete_network": "rule:admin_or_owner and rule:deny_readonly", - "create_segment": "rule:admin_only", + "create_segment": "rule:admin_only and rule:deny_readonly", "get_segment": "rule:admin_only", - "update_segment": "rule:admin_only", - "delete_segment": "rule:admin_only", + "update_segment": "rule:admin_only and rule:deny_readonly", + "delete_segment": "rule:admin_only and rule:deny_readonly", "network_device": "field:port:device_owner=~^network:", "create_port": "rule:deny_readonly", |