No policy enforcement for several delete metadef APIs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Undecided
|
Rick Bartra |
Bug Description
There is no policy enforcement for the following APIs:
Delete namespace: https:/
Delete object: https:/
Remove resource type association: https:/
Remove property definition: https:/
Delete tag definition: https:/
Most other APIs have policy enforcement, so the ones above should as well. Without adding policy enforcement for the above APIs, even the least privileged users (i.e. user with reader role) can perform the delete APIs noted above.
description: | updated |
Changed in glance: | |
assignee: | nobody → Rick Bartra (rb560u) |
Fix proposed to branch: master /review. openstack. org/584530
Review: https:/