summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--etc/cinder/policy.json7
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json
index 41bdade..4dc2030 100644
--- a/etc/cinder/policy.json
+++ b/etc/cinder/policy.json
@@ -1,7 +1,10 @@
{
"readonly": "(project_id:%(project_id)s and role:readonly)",
+ "domain_readonly": "(domain_id:%(domain_id)s and role:readonly)",
+ "global_readonly": "(role:readonly)",
"_member_role": "(role:member or role:_member_)",
"member": "(project_id:%(project_id)s and rule:_member_role)",
+ "domain_member": "(domain_id:%(domain_id)s and rule:_member_role)",
"admin": "(is_admin:True or role:admin)",
"owner": "(user_id:%(user_id)s and rule:_member_role)",
@@ -77,8 +80,8 @@
"volume:create_transfer": "rule:admin or rule:member",
"volume:accept_transfer": "rule:admin or rule:member",
"volume:delete_transfer": "rule:admin or rule:member",
- "volume:get_transfer": "rule:admin or rule:member",
- "volume:get_all_transfers": "rule:admin or rule:member",
+ "volume:get_transfer": "rule:admin or rule:member or rule:readonly",
+ "volume:get_all_transfers": "rule:admin or rule:member or rule:readonly",
"volume_extension:replication:promote": "rule:admin",
"volume_extension:replication:reenable": "rule:admin",