Sure.
$ diff -u /etc/neutron/policy.json{.bak,}
--- /etc/neutron/policy.json.bak 2014-08-08 19:10:16.761472999 +0000
+++ /etc/neutron/policy.json 2014-08-18 13:59:54.825472999 +0000
@@ -1,5 +1,9 @@
 {
- "context_is_admin": "role:admin",
+ "is_cloud_admin": "role:cloud_admin",
+ "is_project_admin": "role:project_admin and tenant_id:%(tenant_id)s",
+ "is_project_member": "role:project_member and tenant_id:%(tenant_id)s",
+
+ "context_is_admin": "rule:is_cloud_admin or role:admin",
 "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
 "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
 "admin_only": "rule:context_is_admin",
@@ -7,7 +11,7 @@
 "shared": "field:networks:shared=True",
 "shared_firewalls": "field:firewalls:shared=True",
 "external": "field:networks:router:external=True",
- "default": "rule:admin_or_owner",
+ "default": "rule:admin_only",
 "subnets:private:read": "rule:admin_or_owner",
 "subnets:private:write": "rule:admin_or_owner",
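Review bot: In the first hunk, `context_is_admin` still accepts `role:admin`. That check has no `tenant_id` condition, so any principal holding `admin` on any project would presumably still pass `admin_only` and `admin_or_owner` as a cloud-wide admin. If the goal is to separate cloud admins from project admins, the rule should end up as `"context_is_admin": "rule:is_cloud_admin",` once existing `admin` role assignments (including service accounts) have been moved to `cloud_admin`. The second hunk's change of `default` to `rule:admin_only` is a sound fail-closed choice, but `is_project_admin` and `is_project_member` are not referenced by any rule visible here. Unless rules outside these hunks use them, the new project roles grant nothing and any unlisted API action becomes admin-only for tenants. Strict JSON has no comment syntax, so the intent of the three new roles should be recorded in the deployment notes alongside this file.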
Sure.
$ diff -u /etc/neutron/ policy. json{.bak, } policy. json.bak 2014-08-08 19:10:16.761472999 +0000 policy. json 2014-08-18 13:59:54.825472999 +0000 id:%(tenant_ id)s", member" : "role:project_ member and tenant_ id:%(tenant_ id)s", cloud_admin or role:admin", or_owner" : "rule:context_ is_admin or tenant_ id:%(tenant_ id)s", or_network_ owner": "rule:context_ is_admin or tenant_ id:%(network: tenant_ id)s", is_admin" , networks: shared= True", firewalls" : "field: firewalls: shared= True", networks: router: external= True", or_owner" ,
--- /etc/neutron/
+++ /etc/neutron/
@@ -1,5 +1,9 @@
{
- "context_is_admin": "role:admin",
+ "is_cloud_admin": "role:cloud_admin",
+ "is_project_admin": "role:project_admin and tenant_
+ "is_project_
+
+ "context_is_admin": "rule:is_
"admin_
"admin_
"admin_only": "rule:context_
@@ -7,7 +11,7 @@
"shared": "field:
"shared_
"external": "field:
- "default": "rule:admin_
+ "default": "rule:admin_only",
"subnets: private: read": "rule:admin_ or_owner" , private: write": "rule:admin_ or_owner" ,
"subnets: