The policy.json
file defines additional access controls that apply
to the Shared File Systems service.
{
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"default": "rule:admin_or_owner",
"admin_api": "is_admin:True",
"availability_zone:index": "rule:default",
"quota_set:update": "rule:admin_api",
"quota_set:show": "rule:default",
"quota_set:delete": "rule:admin_api",
"quota_class_set:show": "rule:default",
"quota_class_set:update": "rule:admin_api",
"service:index": "rule:admin_api",
"service:update": "rule:admin_api",
"share:create": "",
"share:delete": "rule:default",
"share:get": "rule:default",
"share:get_all": "rule:default",
"share:list_by_share_server_id": "rule:admin_api",
"share:list_by_host": "rule:admin_api",
"share:update": "rule:default",
"share:access_get": "rule:default",
"share:access_get_all": "rule:default",
"share:allow_access": "rule:default",
"share:deny_access": "rule:default",
"share:extend": "rule:default",
"share:shrink": "rule:default",
"share:get_share_metadata": "rule:default",
"share:delete_share_metadata": "rule:default",
"share:update_share_metadata": "rule:default",
"share:migration_start": "rule:admin_api",
"share:migration_complete": "rule:admin_api",
"share:migration_cancel": "rule:admin_api",
"share:migration_get_progress": "rule:admin_api",
"share:reset_task_state": "rule:admin_api",
"share:manage": "rule:admin_api",
"share:unmanage": "rule:admin_api",
"share:force_delete": "rule:admin_api",
"share:reset_status": "rule:admin_api",
"share:revert_to_snapshot": "rule:default",
"share_export_location:index": "rule:default",
"share_export_location:show": "rule:default",
"share_instance:index": "rule:admin_api",
"share_instance:show": "rule:admin_api",
"share_instance:force_delete": "rule:admin_api",
"share_instance:reset_status": "rule:admin_api",
"share_instance_export_location:index": "rule:admin_api",
"share_instance_export_location:show": "rule:admin_api",
"share:create_snapshot": "rule:default",
"share:delete_snapshot": "rule:default",
"share:snapshot_update": "rule:default",
"share_snapshot:get_snapshot": "rule:default",
"share_snapshot:get_all_snapshots": "rule:default",
"share_snapshot:manage_snapshot": "rule:admin_api",
"share_snapshot:unmanage_snapshot": "rule:admin_api",
"share_snapshot:force_delete": "rule:admin_api",
"share_snapshot:reset_status": "rule:admin_api",
"share_snapshot:access_list": "rule:default",
"share_snapshot:allow_access": "rule:default",
"share_snapshot:deny_access": "rule:default",
"share_snapshot_export_location:index": "rule:default",
"share_snapshot_export_location:show": "rule:default",
"share_snapshot_instance:detail": "rule:admin_api",
"share_snapshot_instance:index": "rule:admin_api",
"share_snapshot_instance:show": "rule:admin_api",
"share_snapshot_instance:reset_status": "rule:admin_api",
"share_snapshot_instance_export_location:index": "rule:admin_api",
"share_snapshot_instance_export_location:show": "rule:admin_api",
"share_type:index": "rule:default",
"share_type:show": "rule:default",
"share_type:default": "rule:default",
"share_type:create": "rule:admin_api",
"share_type:delete": "rule:admin_api",
"share_type:add_project_access": "rule:admin_api",
"share_type:list_project_access": "rule:admin_api",
"share_type:remove_project_access": "rule:admin_api",
"share_types_extra_spec:create": "rule:admin_api",
"share_types_extra_spec:update": "rule:admin_api",
"share_types_extra_spec:show": "rule:admin_api",
"share_types_extra_spec:index": "rule:admin_api",
"share_types_extra_spec:delete": "rule:admin_api",
"security_service:create": "rule:default",
"security_service:delete": "rule:default",
"security_service:update": "rule:default",
"security_service:show": "rule:default",
"security_service:index": "rule:default",
"security_service:detail": "rule:default",
"security_service:get_all_security_services": "rule:admin_api",
"share_server:index": "rule:admin_api",
"share_server:show": "rule:admin_api",
"share_server:details": "rule:admin_api",
"share_server:delete": "rule:admin_api",
"share_network:create": "rule:default",
"share_network:delete": "rule:default",
"share_network:update": "rule:default",
"share_network:index": "rule:default",
"share_network:detail": "rule:default",
"share_network:show": "rule:default",
"share_network:add_security_service": "rule:default",
"share_network:remove_security_service": "rule:default",
"share_network:get_all_share_networks": "rule:admin_api",
"scheduler_stats:pools:index": "rule:admin_api",
"scheduler_stats:pools:detail": "rule:admin_api",
"share_group:create" : "rule:default",
"share_group:delete": "rule:default",
"share_group:update": "rule:default",
"share_group:get": "rule:default",
"share_group:get_all": "rule:default",
"share_group:force_delete": "rule:admin_api",
"share_group:reset_status": "rule:admin_api",
"share_group_snapshot:create" : "rule:default",
"share_group_snapshot:delete": "rule:default",
"share_group_snapshot:update" : "rule:default",
"share_group_snapshot:get": "rule:default",
"share_group_snapshot:get_all": "rule:default",
"share_group_snapshot:force_delete": "rule:admin_api",
"share_group_snapshot:reset_status": "rule:admin_api",
"share_replica:get_all": "rule:default",
"share_replica:show": "rule:default",
"share_replica:create" : "rule:default",
"share_replica:delete": "rule:default",
"share_replica:promote": "rule:default",
"share_replica:resync": "rule:admin_api",
"share_replica:reset_status": "rule:admin_api",
"share_replica:force_delete": "rule:admin_api",
"share_replica:reset_replica_state": "rule:admin_api",
"share_group_type:index": "rule:default",
"share_group_type:show": "rule:default",
"share_group_type:default": "rule:default",
"share_group_type:create": "rule:admin_api",
"share_group_type:delete": "rule:admin_api",
"share_group_type:add_project_access": "rule:admin_api",
"share_group_type:list_project_access": "rule:admin_api",
"share_group_type:remove_project_access": "rule:admin_api",
"share_group_types_spec:create": "rule:admin_api",
"share_group_types_spec:update": "rule:admin_api",
"share_group_types_spec:show": "rule:admin_api",
"share_group_types_spec:index": "rule:admin_api",
"share_group_types_spec:delete": "rule:admin_api",
"message:delete": "rule:default",
"message:get": "rule:default",
"message:get_all": "rule:default"
}
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.