2620d14c5f
Users with the "creator" role on a project can now delete secrets owned by the project even if the user is different than the user that originally created the secret. Previous to this fix a user with the "creator" role was only allowed to delete a secret owned by the project if they were also the same user that originally created, which was inconsistent with the way that deletes are handled by other OpenStack projects that integrate with Barbican. This change does not affect the policy for delting private secrets (i.e. secrets with the "project-access" flag set to "false"). Story: 2009791 Task: 44324 Change-Id: Ie3e3adc1ee02d770de050f5cfa8110774bb1f661
12 lines
634 B
YAML
12 lines
634 B
YAML
---
|
|
security:
|
|
- |
|
|
Fixed Story #2009791: Users with the "creator" role on a project can now
|
|
delete secrets owned by the project even if the user is different than
|
|
the user that originally created the secret. Previous to this fix a user
|
|
with the "creator" role was only allowed to delete a secret owned by the
|
|
project if they were also the same user that originally created, which
|
|
was inconsistent with the way that deletes are handled by other OpenStack
|
|
projects that integrate with Barbican. This change does not affect private
|
|
secrets (i.e. secrets with the "project-access" flag set to "false").
|