Could you please share the code details (starting ussuri release policy is moved into code) ? would the below be implementation not required, if the owner restrictions are in the code ?
"context_is_cloud_admin": "role:cloud_image_admin",
"context_is_admin": "rule:context_is_cloud_admin",
"is_owner": "project_id:%(is_owner)s",
"member": "role:member and rule:is_owner",
"admin": "role:image_admin and rule:is_owner",
"viewer": "role:image_viewer and rule:is_owner",
"context_is_image_admin": "rule:context_is_admin or rule:admin",
"context_is_editor": "rule:context_is_image_admin or rule:member",
"context_is_viewer": "rule:context_is_editor or rule:viewer",
i get HTTP 403 for get_image, get_images, download_image with the above policy rules, it works well if is_owner is removed.
Hi Brian,
Could you please share the code details (starting ussuri release policy is moved into code) ? would the below be implementation not required, if the owner restrictions are in the code ?
"context_ is_cloud_ admin": "role:cloud_ image_admin" , is_admin" : "rule:context_ is_cloud_ admin", id:%(is_ owner)s" , is_image_ admin": "rule:context_ is_admin or rule:admin", is_editor" : "rule:context_ is_image_ admin or rule:member", is_viewer" : "rule:context_ is_editor or rule:viewer",
"context_
"is_owner": "project_
"member": "role:member and rule:is_owner",
"admin": "role:image_admin and rule:is_owner",
"viewer": "role:image_viewer and rule:is_owner",
"context_
"context_
"context_
i get HTTP 403 for get_image, get_images, download_image with the above policy rules, it works well if is_owner is removed.