ffecec3c55
By default, the decision if to clean is a "system" decision, and not necessarilly a "user" or "operator" decision. However some operators may choose to have custom policies to enable specific tenants to have additional rights without granting special system scoped users. This change just changes the labeling on the default rule to permit it to match a project scoped user while leaving the default rule in place. This slightly changes the resulting error, but doesn't change the error code, and enables operators to run with custom rules for this entry. Change-Id: Ie963abcbff079664b8407499c3e943ad3fd8f315
9 lines
308 B
YAML
9 lines
308 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Fixes the policy scope checking for the RBAC Policy
|
|
``baremetal:node:disable_cleaning``, which previously
|
|
restricted to ``system`` user scope. The scope restriction
|
|
has been revised to permit ``project`` scoped matching,
|
|
but the default RBAC policy has not been revised.
|