x/ranger
Code Issues Proposed changes
ranger/etc/policy.json
jh629g 42f1c52620 Collapse policy.json files 
RMS has three rules which were not included into
the top level policy.json. These rules have been
moved to the top level in order to fix 403 against
uuid server. RMS specific policy.json was not
pointed at by any code, so with this fix
the file has been removed.

Change-Id: I8bf507a6336b8b07885e3e11490f1324bf29c5d4
2020-04-22 13:23:36 -05:00

126 lines
5.8 KiB
JSON
Raw Blame History

{
"default": "!",
"admin": "role:admin and tenant:admin or role:admin and tenant:service or role:admin and tenant:aqua-admin",
"admin_support": "role:admin_support and tenant:admin or role:admin_support and tenant:service or role:admin_support and tenant:aqua-admin",
"admin_viewer": "role:admin_viewer and tenant:admin or role:admin_viewer and tenant:service or role:admin_viewer and tenant:aqua-admin",
"flavor_creator": "role:ranger_flavor_creator and tenant:admin or role:ranger_flavor_creator and tenant:service or role:ranger_flavor_creator and tenant:aqua-admin",
"customer_creator": "role:ranger_customer_creator and tenant:admin or role:ranger_customer_creator and tenant:service or role:ranger_flavor_creator and tenant:aqua-admin",
"admin_or_flavor_creator": "rule:admin or rule:flavor_creator",
"admin_or_customer_creator": "rule:admin or rule:customer_creator",
"admin_or_support": "rule:admin or rule:admin_support",
"admin_or_support_or_flavor_creator": "rule:admin or rule:admin_support or rule:flavor_creator",
"admin_or_support_or_customer_creator": "rule:admin or rule:admin_support or rule:customer_creator",
"admin_or_support_or_viewer": "rule:admin or rule:admin_support or rule:admin_viewer",
"admin_or_support_or_viewer_or_flavor_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:flavor_creator",
"admin_or_support_or_viewer_or_customer_creator": "rule:admin or rule:admin_support or rule:admin_viewer or rule:customer_creator",
"flavor:get_one": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:get_all": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:create": "rule:admin_or_support_or_flavor_creator",
"flavor:delete": "rule:admin",
"flavor:get_flavor_extra_specs": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:add_flavor_extra_specs": "rule:admin_or_support_or_flavor_creator",
"flavor:replace_flavor_extra_specs": "rule:admin_or_flavor_creator",
"flavor:delete_flavor_extra_specs": "rule:admin",
"flavor:add_flavor_regions": "rule:admin_or_support_or_flavor_creator",
"flavor:delete_flavor_region": "rule:admin",
"flavor:get_flavor_tags": "rule:admin_or_support_or_viewer_or_flavor_creator",
"flavor:add_flavor_tags": "rule:admin_or_support_or_flavor_creator",
"flavor:replace_flavor_tags": "rule:admin_or_flavor_creator",
"flavor:delete_flavor_tags": "rule:admin",
"flavor:add_flavor_tenants": "rule:admin_or_support_or_flavor_creator",
"flavor:delete_flavor_tenant": "rule:admin",
"lcp:get_one": "",
"lcp:get_all": "",
"region:get_one": "",
"region:get_all": "",
"region:create": "rule:admin_or_support",
"region:update": "rule:admin",
"region:delete": "rule:admin",
"group:get_one": "",
"group:get_all": "",
"group:create": "rule:admin_or_support",
"group:update": "rule:admin",
"group:delete": "rule:admin",
"configuration:get": "rule:admin_or_support_or_viewer",
"log:update": "rule:admin",
"metadata:get": "rule:admin_or_support_or_viewer",
"metadata:create": "rule:admin_or_support",
"metadata:update": "rule:admin",
"metadata:delete": "rule:admin",
"status:put": "rule:admin",
"customers:get_one": "rule:admin_or_support_or_viewer_or_customer_creator",
"customers:get_all": "rule:admin_or_support_or_viewer_or_customer_creator",
"customers:create": "rule:admin_or_support_or_customer_creator",
"customers:update": "rule:admin_or_customer_creator",
"customers:delete": "rule:admin",
"customers:add_region": "rule:admin_or_support_or_customer_creator",
"customers:update_region": "rule:admin_or_customer_creator",
"customers:delete_region": "rule:admin_or_customer_creator",
"customers:add_region_user": "rule:admin_or_support",
"customers:update_region_user": "rule:admin",
"customers:delete_region_user": "rule:admin",
"customers:add_default_user": "rule:admin_or_support",
"customers:update_default_user": "rule:admin",
"customers:delete_default_user": "rule:admin",
"customers:add_metadata": "rule:admin_or_support_or_customer_creator",
"customers:update_metadata": "rule:admin_or_customer_creator",
"customers:enable": "rule:admin_or_support_or_customer_creator",
"groups:get_one": "rule:admin_or_support_or_viewer_or_customer_creator",
"groups:get_all": "rule:admin_or_support_or_viewer_or_customer_creator",
"groups:create": "rule:admin_or_support_or_customer_creator",
"groups:update": "rule:admin_or_customer_creator",
"groups:delete": "rule:admin",
"groups:add_region": "rule:admin_or_support_or_customer_creator",
"groups:delete_region": "rule:admin_or_customer_creator",
"groups:assign_role": "rule:admin_or_support_or_customer_creator",
"groups:assign_region_role": "rule:admin_or_support_or_customer_creator",
"groups:unassign_role": "rule:admin_or_customer_creator",
"groups:add_group_default_users": "rule:admin_or_support",
"groups:delete_group_default_user": "rule:admin",
"groups:add_group_region_users": "rule:admin_or_support",
"groups:delete_group_region_user": "rule:admin",
"groups:get_all_roles": "rule:admin_or_support_or_viewer_or_customer_creator",
"image:create": "rule:admin_or_support",
"image:list": "rule:admin_or_support_or_viewer",
"image:get_one": "rule:admin_or_support_or_viewer",
"image:update": "rule:admin",
"image:delete": "rule:admin",
"image:enable": "rule:admin_or_support",
"region:create": "rule:admin_or_support",
"region:update": "rule:admin",
"region:delete": "rule:admin",
"tenant:create": "rule:admin_or_support",
"tenant:update": "rule:admin",
"tenant:delete": "rule:admin",
"uuid:get_one": "",
"uuid:delete": "rule:admin",
"configuration:get": "rule:admin_or_support_or_viewer",
"log:update": "rule:admin"
}
View Git Blame Copy Permalink