From 2b472caab2101eb953b2be9b480b67fbcae6f869 Mon Sep 17 00:00:00 2001 From: Akihiro MOTOKI Date: Thu, 22 Aug 2013 11:34:43 +0900 Subject: [PATCH] Disallow non-admin to specify binding:profile Change-Id: Iefa4b251f3b0a373fb9b2b7d576e14d58afece59 Fixes-Bug: #1214873 --- etc/policy.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc/policy.json b/etc/policy.json index 6310e2b136..78dd1e4c79 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -44,6 +44,7 @@ "create_port:fixed_ips": "rule:admin_or_network_owner", "create_port:port_security_enabled": "rule:admin_or_network_owner", "create_port:binding:host_id": "rule:admin_only", + "create_port:binding:profile": "rule:admin_only", "create_port:mac_learning_enabled": "rule:admin_or_network_owner", "get_port": "rule:admin_or_owner", "get_port:queue_id": "rule:admin_only", @@ -55,6 +56,7 @@ "update_port:fixed_ips": "rule:admin_or_network_owner", "update_port:port_security_enabled": "rule:admin_or_network_owner", "update_port:binding:host_id": "rule:admin_only", + "update_port:binding:profile": "rule:admin_only", "update_port:mac_learning_enabled": "rule:admin_or_network_owner", "delete_port": "rule:admin_or_owner",