Diffstat (limited to 'etc/keystone/policy.json')
-rw-r--r--etc/keystone/policy.json15
1 files changed, 7 insertions, 8 deletions
diff --git a/etc/keystone/policy.json b/etc/keystone/policy.json
index f0177fa..1e37bef 100644
--- a/etc/keystone/policy.json
+++ b/etc/keystone/policy.json
@@ -1,5 +1,4 @@
{
- "deny_readonly": "not role:readonly",
"admin_required": "role:admin or is_admin:1",
"service_role": "role:service",
"service_or_admin": "rule:admin_required or rule:service_role",
@@ -37,21 +36,21 @@
"identity:get_project": "rule:admin_required or project_id:%(target.project.id)s",
"identity:list_projects": "rule:admin_required",
- "identity:list_user_projects": "rule:admin_or_owner and rule:deny_readonly",
+ "identity:list_user_projects": "rule:admin_or_owner",
"identity:create_project": "rule:admin_required",
"identity:update_project": "rule:admin_required",
"identity:delete_project": "rule:admin_required",
- "identity:get_user": "rule:admin_or_owner and rule:deny_readonly",
+ "identity:get_user": "rule:admin_or_owner",
"identity:list_users": "rule:admin_required",
"identity:create_user": "rule:admin_required",
"identity:update_user": "rule:admin_required",
"identity:delete_user": "rule:admin_required",
- "identity:change_password": "rule:admin_or_owner and rule:deny_readonly",
+ "identity:change_password": "rule:admin_or_owner",
"identity:get_group": "rule:admin_required",
"identity:list_groups": "rule:admin_required",
- "identity:list_groups_for_user": "rule:admin_or_owner and rule:deny_readonly",
+ "identity:list_groups_for_user": "rule:admin_or_owner",
"identity:create_group": "rule:admin_required",
"identity:update_group": "rule:admin_required",
"identity:delete_group": "rule:admin_required",
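Review bot: Removing `rule:deny_readonly` from `identity:change_password` in this hunk lets a user who holds the `readonly` role and matches `rule:admin_or_owner` change a password, which the old rule refused. The same widening applies to `identity:ec2_create_credential` and `identity:delete_trust` in the later hunks. The read-only entries (`get_user`, `list_user_projects`, `list_groups_for_user`, `ec2_list_credentials`) are not a concern, but nothing on this page shows the restriction on the three mutating entries being enforced elsewhere. If deployments still assign a `readonly` role, keep the check inline on those entries, e.g. `"identity:change_password": "rule:admin_or_owner and not role:readonly"`. Otherwise say in the commit message that the role is retired, so operators know the default policy grants more after the upgrade.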
@@ -67,8 +66,8 @@
"identity:delete_credential": "rule:admin_required",
"identity:ec2_get_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
- "identity:ec2_list_credentials": "rule:admin_or_owner and rule:deny_readonly",
- "identity:ec2_create_credential": "rule:admin_or_owner and rule:deny_readonly",
+ "identity:ec2_list_credentials": "rule:admin_or_owner",
+ "identity:ec2_create_credential": "rule:admin_or_owner",
"identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
"identity:get_role": "rule:admin_required",
@@ -113,7 +112,7 @@
"identity:list_trusts": "",
"identity:list_roles_for_trust": "",
"identity:get_role_for_trust": "",
- "identity:delete_trust": "rule:deny_readonly",
+ "identity:delete_trust": "",
"identity:create_consumer": "rule:admin_required",
"identity:get_consumer": "rule:admin_required",
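Review bot: `"identity:delete_trust": ""` is now an empty rule, which the policy engine evaluates as always allowed, so every authenticated caller passes the policy layer for a destructive operation. The neighbouring empty entries (`list_trusts`, `list_roles_for_trust`, `get_role_for_trust`) are reads, so the same default is less risky there. Presumably the trust controller itself verifies that the caller is the trustor, but that is not visible in this diff and should be confirmed before merging. If no such check exists, use an explicit rule instead of the empty string, with `"identity:delete_trust": "rule:admin_required"` as the conservative fallback. A trustor-ownership rule is preferable if the trust's owner is available to the policy target.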