diff options
Diffstat (limited to 'etc/ceilometer/policy.json')
-rw-r--r-- | etc/ceilometer/policy.json | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/etc/ceilometer/policy.json b/etc/ceilometer/policy.json index a5e836a..2b13529 100644 --- a/etc/ceilometer/policy.json +++ b/etc/ceilometer/policy.json @@ -1,18 +1,25 @@ { + "global_readonly": "(role:global_readonly)", + "readonly": "((project_id:%(project_id)s and role:readonly) or rule:global_readonly)", + "_member_role": "(role:member or role:_member_)", + "member": "(project_id:%(project_id)s and rule:_member_role)", + "admin": "(is_admin:True or role:admin)", + "owner": "(user_id:%(user_id)s and rule:_member_role)", + "context_is_admin": "role:admin", "segregation": "rule:context_is_admin", - "telemetry:get_samples": "", - "telemetry:get_sample": "", - "telemetry:query_sample": "", - "telemetry:create_samples": "", + "telemetry:get_samples": "rule:admin or rule: member", + "telemetry:get_sample": "rule:admin or rule: member", + "telemetry:query_sample": "rule:admin or rule: member", + "telemetry:create_samples": "rule:admin or rule: member", - "telemetry:compute_statistics": "", - "telemetry:get_meters": "", + "telemetry:compute_statistics": "rule:admin or rule: member", + "telemetry:get_meters": "rule:admin or rule: member", - "telemetry:get_resource": "", - "telemetry:get_resources": "", + "telemetry:get_resource": "rule:admin or rule: member", + "telemetry:get_resources": "rule:admin or rule: member", - "telemetry:events:index": "", - "telemetry:events:show": "" + "telemetry:events:index": "rule:admin or rule: member", + "telemetry:events:show": "rule:admin or rule: member" } |