Comment 10 for bug 1545717

It does seem like the severity could be reduced, but I have to say that I wrote that policy up purely using policy syntax and not in context of current policy enforcer code. I'm not sure if the data needed to perform the policy check is being passed in or not (sorry, didn't trace that far). Lakshmi Sampath would be good to get his opinion if you can add him to this bug.

https://github.com/openstack/glance/blob/cbfd4260424636c037a29f4d743e94752c4cf69f/glance/api/policy.py#L439