keystone/releasenotes/notes/bug-1805372-af4ebf4b19500b7...

31 lines
1.2 KiB
YAML

---
features:
- |
[`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
The registered limit and limit API now support the ``admin``,
``member``, and ``reader`` default roles.
upgrade:
- |
[`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
Several of the registered limit and limit policies have been
deprecated. The following policies now use ``role:admin and
system_scope:all`` instead of ``rule:admin_required``:
* ``identity:create_registered_limits``
* ``identity:update_registered_limit``
* ``identity:delete_registered_limit``
* ``identity:create_limits``
* ``identity:update_limit``
* ``identity:delete_limit``
These policies are not being formally deprecated because the
unified limits API is still considered experimental. These
new default automatically account for system-scope. Please
consider these new defaults if your deployment overrides the
registered limit or limit policies.
security:
- |
[`bug 1805372 <https://bugs.launchpad.net/keystone/+bug/1805372>`_]
The registered limit and limit APIs now uses system-scope and default roles
to provide better accessibility to users in a secure way.