diff options
-rw-r--r-- | etc/cinder/policy.json | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json index 41bdade..4dc2030 100644 --- a/etc/cinder/policy.json +++ b/etc/cinder/policy.json @@ -1,7 +1,10 @@ { "readonly": "(project_id:%(project_id)s and role:readonly)", + "domain_readonly": "(domain_id:%(domain_id)s and role:readonly)", + "global_readonly": "(role:readonly)", "_member_role": "(role:member or role:_member_)", "member": "(project_id:%(project_id)s and rule:_member_role)", + "domain_member": "(domain_id:%(domain_id)s and rule:_member_role)", "admin": "(is_admin:True or role:admin)", "owner": "(user_id:%(user_id)s and rule:_member_role)", @@ -77,8 +80,8 @@ "volume:create_transfer": "rule:admin or rule:member", "volume:accept_transfer": "rule:admin or rule:member", "volume:delete_transfer": "rule:admin or rule:member", - "volume:get_transfer": "rule:admin or rule:member", - "volume:get_all_transfers": "rule:admin or rule:member", + "volume:get_transfer": "rule:admin or rule:member or rule:readonly", + "volume:get_all_transfers": "rule:admin or rule:member or rule:readonly", "volume_extension:replication:promote": "rule:admin", "volume_extension:replication:reenable": "rule:admin", |