Hi,

I am trying to set up the policies for nova. Can you please have a look if that's 
correct?


nova/policy.json
————————————————————————————————
"context_is_admin":  "role:admin",
"admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
"owner":  "user_id:%(user_id)s",
"admin_or_user": "is_admin:True or user_id:%(user_id)s",
"default": "rule:admin_or_owner",

"compute:get_all": "rule:admin_or_user",
————————————————————————————————

I want users to only see their own instances, not the instances of all the 
users in the same tenant.

I have restarted the nova-api service on controller, but no effect. I have 
noticed that if I put "rule:context_is_admin" in "compute:get_all" then except 
"admin" no one can see anything so system is reading the file correctly.

Important:

1 - I haven't changed the /etc/openstack-dashboard/nova_policy.json

2 - I have only used the command line client tool to confirm the behaviour.

I am running Juno release.

Please point to some document that discusses all the policy parameters.

Thanks in advance.

/Salman
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
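
An added illustration, not part of the original post and not oslo or nova code: a simplified evaluator for the rule syntax in the policy.json above, run over constructed credentials. It assumes that for a list call the policy target is built from the caller's own request context (`list_target` is a hypothetical helper); under that assumption `user_id:%(user_id)s` decides whether the call is allowed at all, but it is a yes/no gate and not a filter on which instances are returned.

```python
# Simplified evaluator for the policy.json rule syntax above (added illustration, "or"/"and" only).
RULES = {
    "context_is_admin": "role:admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "owner": "user_id:%(user_id)s",
    "admin_or_user": "is_admin:True or user_id:%(user_id)s",
    "default": "rule:admin_or_owner",
    "compute:get_all": "rule:admin_or_user",
}

def check(atom, target, creds, rules):
    kind, match = atom.strip().split(":", 1)
    if kind == "rule":
        return enforce(match, target, creds, rules)
    if kind == "role":
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    try:
        expected = match % target  # fill %(key)s from the target object
    except KeyError:
        return False
    return kind in creds and expected == str(creds[kind])

def enforce(action, target, creds, rules=RULES):
    expr = rules.get(action, rules["default"])
    return any(
        all(check(a, target, creds, rules) for a in clause.split(" and "))
        for clause in expr.split(" or ")
    )

def list_target(creds):
    # Assumption: a list call has no single instance, so the target mirrors the caller.
    return {"project_id": creds["project_id"], "user_id": creds["user_id"]}

# Constructed sample credentials and target (not taken from a real deployment).
ALICE = {"user_id": "alice", "project_id": "p1", "roles": ["member"], "is_admin": False}
BOB = {"user_id": "bob", "project_id": "p1", "roles": ["member"], "is_admin": False}
BOBS_INSTANCE = {"user_id": "bob", "project_id": "p1"}
ADMIN_ONLY = {**RULES, "compute:get_all": "rule:context_is_admin"}

def demo():
    return {
        "alice_list": enforce("compute:get_all", list_target(ALICE), ALICE),
        "bob_list": enforce("compute:get_all", list_target(BOB), BOB),
        "alice_vs_bobs_instance": enforce("compute:get_all", BOBS_INSTANCE, ALICE),
        "alice_list_admin_only": enforce("compute:get_all", list_target(ALICE), ALICE, ADMIN_ONLY),
    }

if __name__ == "__main__":
    print(demo())
```

The rule only evaluates to False for Alice when the target is an object owned by someone else, which is a per-object check and not what a list call supplies under the stated assumption.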
