openstack/barbican
Code Issues Proposed changes
2d405a8bfd
barbican/releasenotes/notes/remove-system-scope-from-policy-f2f68c42c0742812.yaml
Douglas Mendizábal 116a9045eb Remove System scope from policy 
As specified in Phase 1 of the Consistent and Secure Default RBAC
goal [1] policies have been updated to remove "system" scope and
only use "project" scope in all policies.

APIs with policies that previously required "system" scope have been
updated to accept "project" scoped tokens with the "admin" role instead.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-1

Change-Id: I3b781112fc6ced7b73196f973cefd6a30ef99dd3
2023-06-05 15:03:06 -04:00

9 lines
367 B
YAML
Raw Blame History

---
security:
- |
System scope has been removed from the RBAC policies as specified in the
Consistent and Secure Default RBAC community goal. See:
https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html
APIs that required system scoped tokens can now be accessed by using a
project scoped token with the "admin" role.
View Git Blame Copy Permalink