Comment 1 for bug 1843931

Oh, actually I was mistaken. If you explicitly put both rules in the policy file then the warning is not triggered. It's only if you rely on the fact that the first rule is the default in code that you get the warning. So the problematic policy file is actually more like:

# This is the default from policy-in-code
#"identity:get_application_credential": "(role:reader and system_scope:all) or rule:owner"
"identity:get_application_credentials": "rule:identity:get_application_credential"

The rest of what I said is still valid.