0f0754dab8
This add new RBAC defaults in the cloukitty API policy. There is no change in the admin policy except they are scoped to the 'project'. Adding project reader role in the read APIs which continue to be allow by the member and admin role. Change-Id: Ia693a50210a850626adcd9daab1736335ae2b015
18 lines
528 B
YAML
18 lines
528 B
YAML
---
|
|
features:
|
|
- |
|
|
The CloudKitty policies implemented the scope concept and new default roles
|
|
(``admin``, ``member``, and ``reader``) provided by keystone.
|
|
upgrade:
|
|
- |
|
|
All the policies implement the ``scope_type`` and new defaults.
|
|
|
|
* **Scope**
|
|
|
|
Each policy is protected with ``project`` ``scope_type``.
|
|
|
|
* **New Defaults (Admin, Member and Reader)**
|
|
|
|
Policies are default to Admin, Member and Reader roles. Old roles are
|
|
also supported. There is no change in the legacy admin access.
|