Comment 1 for bug 1187104

You are correct that there is no 'owns' check, but the policy engine does support checking against arbitrary fields in a 'target'. In a lot(most?) of those checks that occur in the compute/api.py layer, vs the wsgi layer, the target is an instance dict so something like user_id:%(user_id)s would work. Now, that's not universally true so there may be specific checks that could use a more robust target to check against, and I would suggest opening bugs for specific checks in that case. So I marked this as invalid because I think it's a bit general and is somewhat supported. But please open reports for specific policy checks that are too limiting.

If you're interested in expanding the policy engine capabilities to support an owns resource that would fall under a blueprint rather than a bug report.