keystone/releasenotes/notes/bug-1804523-d1768909b13b167...

33 lines
1.5 KiB
YAML

---
features:
- |
[`bug 1804523 <https://bugs.launchpad.net/keystone/+bug/1804523>`_]
The federated protocol API now supports the ``admin``, ``member``,
and ``reader`` default roles.
upgrade:
- |
[`bug 1804523 <https://bugs.launchpad.net/keystone/+bug/1804523>`_]
The federated protocol API uses new default policies that
make it more accessible to end users and administrators. Please consider
these new defaults if your deployment overrides federated protocol
policies.
deprecations:
- |
[`bug 1804523 <https://bugs.launchpad.net/keystone/+bug/1804523>`_]
The federated protocol policies have been deprecated. The
``identity:get_protocol`` and ``identity:list_protocols`` now use
``role:reader and system_scope:all`` instead of
``rule:admin_required``. The ``identity:create_protocol``,
``identity:update_protocol``, and ``identity:delete_protocol``
policies now use ``role:admin and system_scope:all`` instead of
``rule:admin_required``. These new defaults automatically account
for system-scope and support a read-only role, making it easier
for system administrators to delegate subsets of responsibility
without compromising security. Please consider these new defaults
if your deployment overrides the federated protocol policies.
security:
- |
[`bug 1804523 <https://bugs.launchpad.net/keystone/+bug/1804523>`_]
The federated protocol API now uses system-scope and default
roles to provide better accessibility to users in a secure way.