summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--etc/aodh/policy.json6
-rw-r--r--etc/glance/policy.json6
-rw-r--r--etc/neutron/policy.json6
3 files changed, 9 insertions, 9 deletions
diff --git a/etc/aodh/policy.json b/etc/aodh/policy.json
index b4ea233..1b6715e 100644
--- a/etc/aodh/policy.json
+++ b/etc/aodh/policy.json
@@ -10,11 +10,11 @@
"telemetry:query_alarm": "rule:admin_or_owner",
"telemetry:create_alarm": "rule:deny_readonly",
- "telemetry:change_alarm": "rule:admin_or_owner",
- "telemetry:delete_alarm": "rule:admin_or_owner",
+ "telemetry:change_alarm": "rule:admin_or_owner and rule:deny_readonly",
+ "telemetry:delete_alarm": "rule:admin_or_owner and rule:deny_readonly",
"telemetry:get_alarm_state": "rule:admin_or_owner",
- "telemetry:change_alarm_state": "rule:admin_or_owner",
+ "telemetry:change_alarm_state": "rule:admin_or_owner and rule:deny_readonly",
"telemetry:alarm_history": "rule:admin_or_owner",
"telemetry:query_alarm_history": "rule:admin_or_owner"
diff --git a/etc/glance/policy.json b/etc/glance/policy.json
index 22d3fa4..7913cf1 100644
--- a/etc/glance/policy.json
+++ b/etc/glance/policy.json
@@ -28,8 +28,8 @@
"get_task": "role:admin",
"get_tasks": "role:admin",
- "add_task": "role:admin",
- "modify_task": "role:admin",
+ "add_task": "role:admin and rule:deny_readonly",
+ "modify_task": "role:admin and rule:deny_readonly",
"deactivate": "rule:deny_readonly",
"reactivate": "rule:deny_readonly",
@@ -46,7 +46,7 @@
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
- "add_metadef_resource_type_association":"",
+ "add_metadef_resource_type_association":"rule:deny_readonly",
"get_metadef_property":"",
"get_metadef_properties":"",
diff --git a/etc/neutron/policy.json b/etc/neutron/policy.json
index ccdb827..75b5a1f 100644
--- a/etc/neutron/policy.json
+++ b/etc/neutron/policy.json
@@ -64,10 +64,10 @@
"update_network:router:external": "rule:admin_only",
"delete_network": "rule:admin_or_owner and rule:deny_readonly",
- "create_segment": "rule:admin_only",
+ "create_segment": "rule:admin_only and rule:deny_readonly",
"get_segment": "rule:admin_only",
- "update_segment": "rule:admin_only",
- "delete_segment": "rule:admin_only",
+ "update_segment": "rule:admin_only and rule:deny_readonly",
+ "delete_segment": "rule:admin_only and rule:deny_readonly",
"network_device": "field:port:device_owner=~^network:",
"create_port": "rule:deny_readonly",
generated by cgit (git 2.34.1) at 2024-09-20 11:03:32 +0000