policy.json

policy.json

The policy.json file defines additional access controls that apply to the Shared File Systems service.

{
    "context_is_admin": "role:admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "default": "rule:admin_or_owner",

    "admin_api": "is_admin:True",

    "availability_zone:index": "rule:default",

    "quota_set:update": "rule:admin_api",
    "quota_set:show": "rule:default",
    "quota_set:delete": "rule:admin_api",

    "quota_class_set:show": "rule:default",
    "quota_class_set:update": "rule:admin_api",

    "service:index": "rule:admin_api",
    "service:update": "rule:admin_api",

    "share:create": "",
    "share:delete": "rule:default",
    "share:get": "rule:default",
    "share:get_all": "rule:default",
    "share:list_by_share_server_id": "rule:admin_api",
    "share:list_by_host": "rule:admin_api",
    "share:update": "rule:default",
    "share:access_get": "rule:default",
    "share:access_get_all": "rule:default",
    "share:allow_access": "rule:default",
    "share:deny_access": "rule:default",
    "share:extend": "rule:default",
    "share:shrink": "rule:default",
    "share:get_share_metadata": "rule:default",
    "share:delete_share_metadata": "rule:default",
    "share:update_share_metadata": "rule:default",
    "share:migration_start": "rule:admin_api",
    "share:migration_complete": "rule:admin_api",
    "share:migration_cancel": "rule:admin_api",
    "share:migration_get_progress": "rule:admin_api",
    "share:reset_task_state": "rule:admin_api",
    "share:manage": "rule:admin_api",
    "share:unmanage": "rule:admin_api",
    "share:force_delete": "rule:admin_api",
    "share:reset_status": "rule:admin_api",
    "share:revert_to_snapshot": "rule:default",
    "share_export_location:index": "rule:default",
    "share_export_location:show": "rule:default",

    "share_instance:index": "rule:admin_api",
    "share_instance:show": "rule:admin_api",
    "share_instance:force_delete": "rule:admin_api",
    "share_instance:reset_status": "rule:admin_api",
    "share_instance_export_location:index": "rule:admin_api",
    "share_instance_export_location:show": "rule:admin_api",

    "share:create_snapshot": "rule:default",
    "share:delete_snapshot": "rule:default",
    "share:snapshot_update": "rule:default",
    "share_snapshot:get_snapshot": "rule:default",
    "share_snapshot:get_all_snapshots": "rule:default",
    "share_snapshot:manage_snapshot": "rule:admin_api",
    "share_snapshot:unmanage_snapshot": "rule:admin_api",
    "share_snapshot:force_delete": "rule:admin_api",
    "share_snapshot:reset_status": "rule:admin_api",
    "share_snapshot:access_list": "rule:default",
    "share_snapshot:allow_access": "rule:default",
    "share_snapshot:deny_access": "rule:default",
    "share_snapshot_export_location:index": "rule:default",
    "share_snapshot_export_location:show": "rule:default",

    "share_snapshot_instance:detail": "rule:admin_api",
    "share_snapshot_instance:index": "rule:admin_api",
    "share_snapshot_instance:show": "rule:admin_api",
    "share_snapshot_instance:reset_status": "rule:admin_api",
    "share_snapshot_instance_export_location:index": "rule:admin_api",
    "share_snapshot_instance_export_location:show": "rule:admin_api",

    "share_type:index": "rule:default",
    "share_type:show": "rule:default",
    "share_type:default": "rule:default",
    "share_type:create": "rule:admin_api",
    "share_type:delete": "rule:admin_api",
    "share_type:add_project_access": "rule:admin_api",
    "share_type:list_project_access": "rule:admin_api",
    "share_type:remove_project_access": "rule:admin_api",

    "share_types_extra_spec:create": "rule:admin_api",
    "share_types_extra_spec:update": "rule:admin_api",
    "share_types_extra_spec:show": "rule:admin_api",
    "share_types_extra_spec:index": "rule:admin_api",
    "share_types_extra_spec:delete": "rule:admin_api",

    "security_service:create": "rule:default",
    "security_service:delete": "rule:default",
    "security_service:update": "rule:default",
    "security_service:show": "rule:default",
    "security_service:index": "rule:default",
    "security_service:detail": "rule:default",
    "security_service:get_all_security_services": "rule:admin_api",

    "share_server:index": "rule:admin_api",
    "share_server:show": "rule:admin_api",
    "share_server:details": "rule:admin_api",
    "share_server:delete": "rule:admin_api",

    "share_network:create": "rule:default",
    "share_network:delete": "rule:default",
    "share_network:update": "rule:default",
    "share_network:index": "rule:default",
    "share_network:detail": "rule:default",
    "share_network:show": "rule:default",
    "share_network:add_security_service": "rule:default",
    "share_network:remove_security_service": "rule:default",
    "share_network:get_all_share_networks": "rule:admin_api",

    "scheduler_stats:pools:index": "rule:admin_api",
    "scheduler_stats:pools:detail": "rule:admin_api",

    "share_group:create" : "rule:default",
    "share_group:delete": "rule:default",
    "share_group:update": "rule:default",
    "share_group:get": "rule:default",
    "share_group:get_all": "rule:default",
    "share_group:force_delete": "rule:admin_api",
    "share_group:reset_status": "rule:admin_api",

    "share_group_snapshot:create" : "rule:default",
    "share_group_snapshot:delete": "rule:default",
    "share_group_snapshot:update" : "rule:default",
    "share_group_snapshot:get": "rule:default",
    "share_group_snapshot:get_all": "rule:default",
    "share_group_snapshot:force_delete": "rule:admin_api",
    "share_group_snapshot:reset_status": "rule:admin_api",

    "share_replica:get_all": "rule:default",
    "share_replica:show": "rule:default",
    "share_replica:create" : "rule:default",
    "share_replica:delete": "rule:default",
    "share_replica:promote": "rule:default",
    "share_replica:resync": "rule:admin_api",
    "share_replica:reset_status": "rule:admin_api",
    "share_replica:force_delete": "rule:admin_api",
    "share_replica:reset_replica_state": "rule:admin_api",

    "share_group_type:index": "rule:default",
    "share_group_type:show": "rule:default",
    "share_group_type:default": "rule:default",
    "share_group_type:create": "rule:admin_api",
    "share_group_type:delete": "rule:admin_api",
    "share_group_type:add_project_access": "rule:admin_api",
    "share_group_type:list_project_access": "rule:admin_api",
    "share_group_type:remove_project_access": "rule:admin_api",

    "share_group_types_spec:create": "rule:admin_api",
    "share_group_types_spec:update": "rule:admin_api",
    "share_group_types_spec:show": "rule:admin_api",
    "share_group_types_spec:index": "rule:admin_api",
    "share_group_types_spec:delete": "rule:admin_api",

    "message:delete": "rule:default",
    "message:get": "rule:default",
    "message:get_all": "rule:default"
}
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.