969309ffae
From: https://review.openstack.org/#/c/309346/

"I investigated the behaviour of the policy file when various policies are removed. A completely empty policy file will return a 403 Forbidden, as the user will not match any of the policies. However, because glance has the policy ``default: ""``, any policy that is not explicitly stated in the policy.json is by default usable by any member. I think that the ``default`` option is a potentially bad thing to have in the policy.json file, due to the ability to give permissions without explicitly stating it."

Therefore we should change ``"default": "",`` to ``"default": "role:admin",`` to make sure that members don't inherit policies that they shouldn't in the future. From an operator's perspective it should be more secure to have an opt-in rather than an opt-out.

Change-Id: I57f9d4791126360079a941c1ff4cb2bbb86298d5
Closes-Bug: 1593177
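The fallback behaviour the commit message describes, shown as an added example that is not part of the commit, of glance, or of oslo.policy. It is a small Python re-implementation of the subset of the policy rule language that matters here (the empty rule, `@`, `!`, `role:` and `rule:` checks joined by `and`/`or`), with a missing action falling through to `"default"` and a missing `"default"` denying. The two policy excerpts, the action names and the credential dicts are constructed stand-ins, not the real glance policy file:

```python
import json

# Constructed policy.json excerpts (assumption: minimal stand-ins, not
# glance's real policy file). Only the "default" line differs between them.
POLICY_OPT_OUT = json.dumps({
    "default": "",
    "context_is_admin": "role:admin",
    "delete_image": "rule:context_is_admin",
})
POLICY_OPT_IN = json.dumps({
    "default": "role:admin",
    "context_is_admin": "role:admin",
    "delete_image": "rule:context_is_admin",
})

# Constructed request credentials, shaped like the role list a request
# context carries.
MEMBER = {"roles": ["member"]}
ADMIN = {"roles": ["member", "admin"]}


def _check_atom(atom, creds, rules):
    """Evaluate one policy atom: "", "@", "!", "role:<name>" or "rule:<name>"."""
    atom = atom.strip()
    if atom in ("", "@"):        # empty rule or "@": always allowed
        return True
    if atom == "!":              # "!": always denied
        return False
    kind, sep, value = atom.partition(":")
    if sep != ":":
        raise ValueError("unsupported policy atom: %r" % atom)
    if kind == "role":
        return value in creds.get("roles", [])
    if kind == "rule":
        # Reference to another named rule; a reference to an undefined
        # rule denies rather than silently allowing.
        if value not in rules:
            return False
        return _check_expr(rules[value], creds, rules)
    raise ValueError("unsupported check type: %r" % kind)


def _check_expr(expr, creds, rules):
    """Evaluate "a or b and c" with 'or' binding loosest, then 'and'."""
    if " or " in expr:
        return any(_check_expr(p, creds, rules) for p in expr.split(" or "))
    if " and " in expr:
        return all(_check_expr(p, creds, rules) for p in expr.split(" and "))
    return _check_atom(expr, creds, rules)


def enforce(policy_json, action, creds):
    """Return True if `creds` may perform `action` under this policy file.

    An action with no entry falls back to the "default" rule; if that is
    missing too (for example an empty policy file), the request is denied,
    which is the 403 the commit message reports for an empty file.
    """
    rules = json.loads(policy_json)
    if action not in rules:
        if "default" not in rules:
            return False
        action = "default"
    return _check_expr(rules[action], creds, rules)


def unlisted_actions_granted(policy_json, actions, creds):
    """Which of `actions` are absent from the file yet still allowed for `creds`?

    Every name returned is permitted only because of the "default" fallback;
    this is the audit an operator wants before trusting an opt-out file.
    """
    rules = json.loads(policy_json)
    return [a for a in actions
            if a not in rules and enforce(policy_json, a, creds)]


if __name__ == "__main__":
    actions = ["add_image", "delete_image", "get_images"]
    for label, policy in (("opt-out", POLICY_OPT_OUT), ("opt-in", POLICY_OPT_IN)):
        print(label, "member may delete_image:",
              enforce(policy, "delete_image", MEMBER))
        print(label, "member silently granted:",
              unlisted_actions_granted(policy, actions, MEMBER))
    print("empty file, admin add_image:", enforce("{}", "add_image", ADMIN))
```

With `"default": ""` a member is allowed `add_image` and `get_images` purely because neither name appears in the file; with `"default": "role:admin"` the same requests are denied and only an admin passes. The flip side, which an operator applying this change must plan for, is that every action members are meant to use now has to be listed explicitly, since anything left out becomes admin-only.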