policy.yaml

Use the policy.yaml file to define additional access controls that will be applied to Aodh:

"context_is_admin": "role:admin"
"segregation": "rule:context_is_admin"
"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
"default": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:get_alarm": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:get_alarms": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:get_alarms:all_projects": "rule:context_is_admin"
"telemetry:query_alarm": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:create_alarm": ""
"telemetry:change_alarm": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:delete_alarm": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:get_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:change_alarm_state": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:alarm_history": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:query_alarm_history": "rule:context_is_admin or project_id:%(project_id)s"
"telemetry:update_quotas": "rule:context_is_admin"
"telemetry:delete_quotas": "rule:context_is_admin"