aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/etc/policies/policy_rbac_admin/assignment.json
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/etc/policies/policy_rbac_admin/assignment.json')
-rw-r--r--keystone-moon/etc/policies/policy_rbac_admin/assignment.json48
1 files changed, 48 insertions, 0 deletions
diff --git a/keystone-moon/etc/policies/policy_rbac_admin/assignment.json b/keystone-moon/etc/policies/policy_rbac_admin/assignment.json
new file mode 100644
index 00000000..f2378333
--- /dev/null
+++ b/keystone-moon/etc/policies/policy_rbac_admin/assignment.json
@@ -0,0 +1,48 @@
+{
+ "subject_assignments": {
+ "role": {
+ "admin": ["root_role"],
+ "demo": ["dev_role"]
+ }
+ },
+ "action_assignments": {
+ "action_id": {
+ "read": ["read"],
+ "write": ["write"]
+ }
+ },
+ "object_assignments": {
+ "object_id": {
+ "authz.subjects": ["authz.subjects"],
+ "authz.objects": ["authz.objects"],
+ "authz.actions": ["authz.actions"],
+ "authz.subject_categories": ["authz.subject_categories"],
+ "authz.object_categories": ["authz.object_categories"],
+ "authz.action_categories": ["authz.action_categories"],
+ "authz.subject_scopes": ["authz.subject_scopes"],
+ "authz.object_scopes": ["authz.object_scopes"],
+ "authz.action_scopes": ["authz.action_scopes"],
+ "authz.subject_assignments": ["authz.subject_assignments"],
+ "authz.object_assignments": ["authz.object_assignments"],
+ "authz.action_assignments": ["authz.action_assignments"],
+ "authz.aggregation_algorithm": ["authz.aggregation_algorithm"],
+ "authz.sub_meta_rules": ["authz.sub_meta_rules"],
+ "authz.rules": ["authz.rules"],
+ "admin.subjects": ["admin.subjects"],
+ "admin.objects": ["admin.objects"],
+ "admin.actions": ["admin.actions"],
+ "admin.subject_categories": ["admin.subject_categories"],
+ "admin.object_categories": ["admin.object_categories"],
+ "admin.action_categories": ["admin.action_categories"],
+ "admin.subject_scopes": ["admin.subject_scopes"],
+ "admin.object_scopes": ["admin.object_scopes"],
+ "admin.action_scopes": ["admin.action_scopes"],
+ "admin.subject_assignments": ["admin.subject_assignments"],
+ "admin.object_assignments": ["admin.object_assignments"],
+ "admin.action_assignments": ["admin.action_assignments"],
+ "admin.aggregation_algorithm": ["admin.aggregation_algorithm"],
+ "admin.sub_meta_rules": ["admin.sub_meta_rules"],
+ "admin.rules": ["admin.rules"]
+ }
+ }
+}