Comment 2 for bug 1790446

Rajiv Mucheli (rajiv.mucheli) wrote :

Hi Brian,

Could you please share the code details (starting with the Ussuri release, policy is moved into code)? Would the below implementation not be required if the owner restrictions are in the code?

    "context_is_cloud_admin": "role:cloud_image_admin",
    "context_is_admin": "rule:context_is_cloud_admin",
    "is_owner": "project_id:%(is_owner)s",
    "member": "role:member and rule:is_owner",
    "admin": "role:image_admin and rule:is_owner",
    "viewer": "role:image_viewer and rule:is_owner",
    "context_is_image_admin": "rule:context_is_admin or rule:admin",
    "context_is_editor": "rule:context_is_image_admin or rule:member",
    "context_is_viewer": "rule:context_is_editor or rule:viewer",

I get HTTP 403 for get_image, get_images, and download_image with the above policy rules; it works well if is_owner is removed.
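An added example, not part of the original comment and not Glance or oslo.policy code: a simplified Python model of how the quoted rules evaluate, where a `key:%(attr)s` check substitutes attributes of the enforcement target and fails when the named attribute is missing. The credentials, the target attribute names (`owner`, `project_id`) and the replacement `is_owner` rule are constructed assumptions.

```python
# Simplified model of the quoted rules (constructed; not oslo.policy itself).
# Supports only role:, rule:, key:%(attr)s and flat and/or expressions.
RULES = {
    "context_is_cloud_admin": "role:cloud_image_admin",
    "context_is_admin": "rule:context_is_cloud_admin",
    "is_owner": "project_id:%(is_owner)s",
    "member": "role:member and rule:is_owner",
    "admin": "role:image_admin and rule:is_owner",
    "viewer": "role:image_viewer and rule:is_owner",
    "context_is_image_admin": "rule:context_is_admin or rule:admin",
    "context_is_editor": "rule:context_is_image_admin or rule:member",
    "context_is_viewer": "rule:context_is_editor or rule:viewer",
}

def check(expr, creds, target, rules):
    """Evaluate one rule expression; 'and' binds tighter than 'or'."""
    return any(
        all(_atom(a.strip(), creds, target, rules) for a in term.split(" and "))
        for term in expr.split(" or ")
    )

def _atom(atom, creds, target, rules):
    kind, _, match = atom.partition(":")
    if kind == "rule":
        return check(rules[match], creds, target, rules)
    if kind == "role":
        return match in creds.get("roles", [])
    # Generic check: fill the right-hand side from the target's attributes,
    # then compare it with the credential named on the left-hand side.
    try:
        expected = match % target
    except KeyError:
        return False  # attribute absent from the target: the check denies
    return str(creds.get(kind)) == expected

def allowed(rule_name, creds, target, rules=RULES):
    return check(rules[rule_name], creds, target, rules)

# Constructed sample data; attribute names are assumptions.
TARGET = {"owner": "p1", "project_id": "p1"}
VIEWER = {"project_id": "p1", "roles": ["image_viewer"]}
CLOUD_ADMIN = {"project_id": "p9", "roles": ["cloud_image_admin"]}
# Hypothetical variant whose owner check names an attribute the target has.
FIXED = dict(RULES, is_owner="project_id:%(project_id)s")

if __name__ == "__main__":
    print("viewer, rules as posted:", allowed("context_is_viewer", VIEWER, TARGET))
    print("cloud admin, as posted: ", allowed("context_is_viewer", CLOUD_ADMIN, TARGET))
    print("viewer, variant rule:   ", allowed("context_is_viewer", VIEWER, TARGET, FIXED))
```

In this model every role that is combined with `rule:is_owner` is denied when the target has no `is_owner` attribute, while the cloud admin path, which does not reference `is_owner`, still passes.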