807e65e352
This change updates the default policies implemented in Heat, to follow the updated guideline[1] to implement SRBAC. The main change is that system users are no longer allowed to perform any operations about project-level resources like alarms, while project admin(*1) is still allowed to perform operations about project-level resources BEYOND project (like getting alarms for all projects)

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

Change-Id: I0a59e3f892aff306e47812b69dbf82066411a542
7 lines
229 B
YAML
---
features:
  - |
    Aodh policies have been modified to isolate the system and project level
    APIs policy. Because of this change, system users will not be allowed to
    perform any operations on project level resources.
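Review bot: this note sits under features:, but its last sentence describes access being taken away from system users, which is an upgrade impact for any deployment that uses system-scoped tokens against alarms. Consider moving it to (or duplicating it in) an upgrade: section so operators see it when reading upgrade notes. The note says "Aodh policies" while the commit message says the policies are "implemented in Heat"; one of the two should be corrected so the record is consistent. The commit message also states that project admin can still operate on project-level resources beyond its own project, and the note does not mention that; a sentence covering it would tell operators which role keeps cross-project access.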