Diffstat (limited to 'etc/aodh/policy.json')
-rw-r--r--etc/aodh/policy.json34
1 files changed, 20 insertions, 14 deletions
diff --git a/etc/aodh/policy.json b/etc/aodh/policy.json
index 4fd873e..444f1d5 100644
--- a/etc/aodh/policy.json
+++ b/etc/aodh/policy.json
@@ -1,20 +1,26 @@
{
- "context_is_admin": "role:admin",
- "segregation": "rule:context_is_admin",
- "admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s",
- "default": "rule:admin_or_owner",
+ "global_readonly": "(role:global_readonly)",
+ "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)",
+ "_member_role": "(role:member or role:_member_)",
+ "member": "(project_id:%(project_id)s and rule:_member_role)",
+ "admin": "(is_admin:True or role:admin)",
+ "owner": "(user_id:%(user_id)s and rule:_member_role)",
- "telemetry:get_alarm": "rule:admin_or_owner",
- "telemetry:get_alarms": "rule:admin_or_owner",
- "telemetry:query_alarm": "rule:admin_or_owner",
+ "segregation": "rule:admin",
- "telemetry:create_alarm": "",
- "telemetry:change_alarm": "rule:admin_or_owner",
- "telemetry:delete_alarm": "rule:admin_or_owner",
+ "default": "rule:admin or rule:member",
- "telemetry:get_alarm_state": "rule:admin_or_owner",
- "telemetry:change_alarm_state": "rule:admin_or_owner",
+ "telemetry:get_alarm": "rule:admin or rule:member",
+ "telemetry:get_alarms": "rule:admin or rule:member",
+ "telemetry:query_alarm": "rule:admin or rule:member",
- "telemetry:alarm_history": "rule:admin_or_owner",
- "telemetry:query_alarm_history": "rule:admin_or_owner"
+ "telemetry:create_alarm": "rule:admin or rule: member",
+ "telemetry:change_alarm": "rule:admin or rule:member",
+ "telemetry:delete_alarm": "rule:admin or rule:member",
+
+ "telemetry:get_alarm_state": "rule:admin or rule:member",
+ "telemetry:change_alarm_state": "rule:admin or rule:member",
+
+ "telemetry:alarm_history": "rule:admin or rule:member",
+ "telemetry:query_alarm_history": "rule:admin or rule:member"
}
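Review bot: The new `telemetry:create_alarm` value is written `rule:admin or rule: member`, with a space after the second `rule:`, unlike every other entry in the hunk. A policy parser that tokenises on whitespace would see `rule:` and `member` as separate tokens, so the expression will probably not parse as intended; if the engine fails closed on a malformed rule, alarm creation is denied to everyone, admins included. The line should read `"telemetry:create_alarm": "rule:admin or rule:member",`. Separately, `readonly`, `global_readonly` and `owner` are defined at the top but no `telemetry:*` entry references them, so as written the read-only roles get no access to the get/query actions; either reference them in those rules or drop the definitions. A policy test that loads this file and asserts each action for admin, member and read-only credentials would catch both problems.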