Comment 4 for bug 1841050

Revision history for this message
Sam Morrison (sorrison) wrote :

We have this issue with the default policy, the issue for us is if the network is a shared network owned by an admin and the port within that network is owned by the user then the user isn't allowed to update port security.

Policy is

"update_port:port_security_enabled": "rule:context_is_advsvc or rule:admin_or_network_owner",

One way to help mitigate this is to not send neutron the port_security_enabled attribute if this attribute is not being changed by the user