Comment 6 for bug 1545732

Stuart McLaren (stuart-mclaren) wrote:

> Any concerns if I remove the privacy setting and close the OSSA ?

I know I fat-fingered setting this to public when I entered it, so there may be little grounds for saying it should stay private.

It's (hopefully) reasonably obvious that restricting the policies can work around this in the short term.

> Unless this can cause disruption for other tenants using metadef

It causes disruption in the sense that if I set a metadef to be public it can then be modified by other tenants.

Compare images: if I set an image to be public, it can't be modified by other tenants.

Like Travis, I'd like to see the metadef APIs have more restrictive default policies.
That would work around this issue for example.

I agree with Travis that this makes sense as a default:

"add_metadef_namespace":"rule:admin_required"

I'm less sure about the 'rule:owner_or_public_and_not_protected' ones though, e.g.:

"modify_metadef_tag":"rule:owner_or_(public_and_not_protected)"

My guess is that users would expect public metadefs to be unmodifiable by others in the same way as public images.

I'd lean towards a default of:

"modify_metadef_tag":"rule:owner"

But then I'm not as familiar with this stuff as Travis.

@Travis is there a killer use case for all users being able to modify anyone's public metadefs by default?
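
The following is an added example, not part of the original comment and not Glance or oslo.policy code: a simplified model of the two candidate defaults for `modify_metadef_tag` discussed above, listing which metadef states a non-owning tenant could modify under each. The rule semantics, the `visibility`/`protected` field names and the tenant names are assumptions made for illustration.

```python
# Added illustration: a simplified model of the two candidate defaults for
# "modify_metadef_tag". It does not call Glance or oslo.policy.
from itertools import product


def owner(creds, target):
    """Model of "rule:owner": caller's tenant must own the metadef."""
    return creds["tenant"] == target["owner"]


def owner_or_public_and_not_protected(creds, target):
    """Assumed semantics of "rule:owner_or_(public_and_not_protected)"."""
    return owner(creds, target) or (
        target["visibility"] == "public" and not target["protected"])


RULES = {
    "rule:owner_or_(public_and_not_protected)": owner_or_public_and_not_protected,
    "rule:owner": owner,
}

# Constructed sample data: every metadef below is owned by tenant-a.
ACTORS = {"owner": {"tenant": "tenant-a"}, "other tenant": {"tenant": "tenant-b"}}
STATES = [
    {"owner": "tenant-a", "visibility": v, "protected": p}
    for v, p in product(("private", "public"), (False, True))
]


def cross_tenant_writes(rule_name):
    """Return the (visibility, protected) states a non-owner may modify."""
    check = RULES[rule_name]
    other = ACTORS["other tenant"]
    return [(t["visibility"], t["protected"]) for t in STATES if check(other, t)]


def owner_always_allowed(rule_name):
    """Confirm tightening the rule never locks the owner out."""
    check = RULES[rule_name]
    return all(check(ACTORS["owner"], t) for t in STATES)


if __name__ == "__main__":
    for name in RULES:
        print(name, "-> non-owner can modify:", cross_tenant_writes(name))
```

An empty result from `cross_tenant_writes` is the property the comment compares to public images: visible to other tenants, writable only by the owner.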