Diffstat (limited to 'keystone-moon/etc/policies/policy_authz/metarule.json')
-rw-r--r-- | keystone-moon/etc/policies/policy_authz/metarule.json | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/keystone-moon/etc/policies/policy_authz/metarule.json b/keystone-moon/etc/policies/policy_authz/metarule.json
new file mode 100644
index 00000000..c9afd6c2
--- /dev/null
+++ b/keystone-moon/etc/policies/policy_authz/metarule.json
@@ -0,0 +1,24 @@
+{
+ "sub_meta_rules": {
+ "mls_rule": {
+ "subject_categories": ["subject_security_level"],
+ "action_categories": ["resource_action"],
+ "object_categories": ["object_security_level"],
+ "algorithm": "inclusion"
+ },
+ "dte_rule": {
+ "subject_categories": ["domain"],
+ "action_categories": ["access"],
+ "object_categories": ["type"],
+ "algorithm": "inclusion"
+ },
+ "rbac_rule": {
+ "subject_categories": ["role", "domain"],
+ "action_categories": ["access"],
+ "object_categories": ["object_id"],
+ "algorithm": "inclusion"
+ }
+ },
+ "aggregation": "all_true"
+}
+ |
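Review bot: `mls_rule` declares `"algorithm": "inclusion"` just like `dte_rule` and `rbac_rule`, so the multi-level check presumably relies on every permitted (`subject_security_level`, `resource_action`, `object_security_level`) combination being listed in the rule data rather than on a comparison of levels. If so, a missing entry silently changes the decision, and that dependency should be stated in the policy's documentation, since this JSON file cannot carry comments. The category names used here (`subject_security_level`, `resource_action`, `object_security_level`, `domain`, `access`, `type`, `role`, `object_id`) have to match definitions that are not visible in this diff. It would be worth confirming that the policy loader rejects an unknown category name or algorithm and denies access, rather than skipping the sub-rule. The same documentation should record that `"aggregation": "all_true"` is meant to require all three sub-rules to grant, so that a later change to the aggregation value is reviewed as a change to the access decision.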