1 files changed, 17 insertions, 10 deletions

diff --git a/etc/ceilometer/policy.json b/etc/ceilometer/policy.json
index a5e836a..2b13529 100644
--- a/etc/ceilometer/policy.json
+++ b/etc/ceilometer/policy.json
@@ -1,18 +1,25 @@
 {
+    "global_readonly": "(role:global_readonly)",
+    "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)",
+    "_member_role": "(role:member or role:_member_)",
+    "member": "(project_id:%(project_id)s and rule:_member_role)",
+    "admin": "(is_admin:True or role:admin)",
+    "owner": "(user_id:%(user_id)s and rule:_member_role)",
+
     "context_is_admin": "role:admin",
     "segregation": "rule:context_is_admin",
 
-    "telemetry:get_samples": "",
-    "telemetry:get_sample": "",
-    "telemetry:query_sample": "",
-    "telemetry:create_samples": "",
+    "telemetry:get_samples": "rule:admin or rule: member",
+    "telemetry:get_sample": "rule:admin or rule: member",
+    "telemetry:query_sample": "rule:admin or rule: member",
+    "telemetry:create_samples": "rule:admin or rule: member",
 
-    "telemetry:compute_statistics": "",
-    "telemetry:get_meters": "",
+    "telemetry:compute_statistics": "rule:admin or rule: member",
+    "telemetry:get_meters": "rule:admin or rule: member",
 
-    "telemetry:get_resource": "",
-    "telemetry:get_resources": "",
+    "telemetry:get_resource": "rule:admin or rule: member",
+    "telemetry:get_resources": "rule:admin or rule: member",
 
-    "telemetry:events:index": "",
-    "telemetry:events:show": ""
+    "telemetry:events:index": "rule:admin or rule: member",
+    "telemetry:events:show": "rule:admin or rule: member"
 }