Seems like we should use the same policy as the core openstack API, otherwise people will have to configure new policy for an api they may not release that had turned on, or something like that.
I agree that we should have a more granular policy on both in the long term, but thats not really the fix for this bug, as I see it.
Yeah, I am -1 for what chris said.
Seems like we should use the same policy as the core openstack API, otherwise people will have to configure new policy for an api they may not release that had turned on, or something like that.
I agree that we should have a more granular policy on both in the long term, but thats not really the fix for this bug, as I see it.