summaryrefslogtreecommitdiffstats
path: root/etc/manila/policy.json
diff options
context:
space:
mode:
Diffstat (limited to 'etc/manila/policy.json')
-rw-r--r--etc/manila/policy.json8
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/manila/policy.json b/etc/manila/policy.json
index c9c7c51..db1408f 100644
--- a/etc/manila/policy.json
+++ b/etc/manila/policy.json
@@ -1,6 +1,6 @@
{
"deny_readonly": "not role:readonly",
- "context_is_admin": "role:admin",
+ "context_is_admin": "role:admin and rule:deny_readonly",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
@@ -72,9 +72,9 @@
"share_type:default": "rule:default",
"share_type:create": "rule:admin_api",
"share_type:delete": "rule:admin_api",
- "share_type:add_project_access": "rule:admin_api",
+ "share_type:add_project_access": "rule:admin_api and rule:deny_readonly",
"share_type:list_project_access": "rule:admin_api",
- "share_type:remove_project_access": "rule:admin_api",
+ "share_type:remove_project_access": "rule:admin_api and rule:deny_readonly",
"share_types_extra_spec:create": "rule:admin_api",
"share_types_extra_spec:update": "rule:admin_api",
@@ -102,7 +102,7 @@
"share_network:detail": "rule:default",
"share_network:show": "rule:default",
"share_network:add_security_service": "rule:default",
- "share_network:remove_security_service": "rule:default",
+ "share_network:remove_security_service": "rule:default and rule:deny_readonly",
"share_network:get_all_share_networks": "rule:admin_api",
"scheduler_stats:pools:index": "rule:admin_api",
generated by cgit (git 2.34.1) at 2024-04-26 12:31:44 +0000