keystone/releasenotes/notes/bug-1649446-efff94143823755...

20 lines
732 B
YAML

---
fixes:
- |
[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_]
The default policy for listing revocation events has changed. Previously,
any authenticated user could list revocation events; it is now, by default,
an admin or service user only function. This can be changed by modifying
the policy file being used by keystone.
upgrade:
- |
[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1649446>`_]
The ``identity:list_revoke_events`` rule has been changed in both sample
policy files, ``policy.json`` and ``policy.v3cloudsample.json``. From::
"identity:list_revoke_events": ""
To::
"identity:list_revoke_events": "rule:service_or_admin"