diff options
author | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
---|---|---|
committer | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
commit | 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (patch) | |
tree | 8b8d94001ebe6cc34106cf813b538911a8d66d9a /keystone-moon/etc/policy.json | |
parent | a33bdcb627102a01244630a54cb4b5066b385a6a (diff) |
Update Keystone core to Mitaka.
Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db
Diffstat (limited to 'keystone-moon/etc/policy.json')
-rw-r--r-- | keystone-moon/etc/policy.json | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/keystone-moon/etc/policy.json b/keystone-moon/etc/policy.json index ebb94b02..797af24d 100644 --- a/keystone-moon/etc/policy.json +++ b/keystone-moon/etc/policy.json @@ -34,7 +34,7 @@ "identity:update_domain": "rule:admin_required", "identity:delete_domain": "rule:admin_required", - "identity:get_project": "rule:admin_required", + "identity:get_project": "rule:admin_required or project_id:%(target.project.id)s", "identity:list_projects": "rule:admin_required", "identity:list_user_projects": "rule:admin_or_owner", "identity:create_project": "rule:admin_required", @@ -75,6 +75,18 @@ "identity:create_role": "rule:admin_required", "identity:update_role": "rule:admin_required", "identity:delete_role": "rule:admin_required", + "identity:get_domain_role": "rule:admin_required", + "identity:list_domain_roles": "rule:admin_required", + "identity:create_domain_role": "rule:admin_required", + "identity:update_domain_role": "rule:admin_required", + "identity:delete_domain_role": "rule:admin_required", + + "identity:get_implied_role": "rule:admin_required ", + "identity:list_implied_roles": "rule:admin_required", + "identity:create_implied_role": "rule:admin_required", + "identity:delete_implied_role": "rule:admin_required", + "identity:list_role_inference_rules": "rule:admin_required", + "identity:check_implied_role": "rule:admin_required", "identity:check_grant": "rule:admin_required", "identity:list_grants": "rule:admin_required", @@ -82,6 +94,7 @@ "identity:revoke_grant": "rule:admin_required", "identity:list_role_assignments": "rule:admin_required", + "identity:list_role_assignments_for_tree": "rule:admin_required", "identity:get_policy": "rule:admin_required", "identity:list_policies": "rule:admin_required", @@ -180,5 +193,6 @@ "identity:create_domain_config": "rule:admin_required", "identity:get_domain_config": "rule:admin_required", "identity:update_domain_config": "rule:admin_required", - "identity:delete_domain_config": "rule:admin_required" + "identity:delete_domain_config": "rule:admin_required", + "identity:get_domain_config_default": "rule:admin_required" } |