glance/api-ref
Abhishek Kekane f8551de8c9 Make some metadef operations admin-only
This restricts all metadef resource manipulation to admin-only, but
still allow users to see everything. There are multiple low-grade
security issues with the metadef API, detailed in the related bug.
Restricting resource manipulation to admin-only solves most of these
concerns.

SecurityImpact
Depends-On: https://review.opendev.org/c/openstack/tempest/+/780108
Change-Id: I333c58e73c202c1f523030e54e03f2868459b595
Related-Bug: #1916926
2021-03-15 07:59:05 -07:00
..
source Make some metadef operations admin-only 2021-03-15 07:59:05 -07:00