keystone/releasenotes/notes/bug-1805366-670867516c6fc4bc.yaml
Vishakha Agarwal 566f8e734d Remove system Domain Config from policy.v3cloudsample.json
By relying on system-scope and default roles, these policies are now
obsolete.

Change-Id: I21473f757611cfd3299d0227eddef89d4ef624ff
Partial-Bug: #1806762
Closes-Bug: #1805366
2019-09-15 20:39:19 +05:30

42 lines
1.8 KiB
YAML

---
features:
- |
[`bug 1805366 <https://bugs.launchpad.net/keystone/+bug/1805366>`_]
The Domain Config API now supports the ``admin``, ``member``, and ``reader``
default roles.
upgrade:
- |
[`bug 1805366 <https://bugs.launchpad.net/keystone/+bug/1805366>`_]
The Domain Config API uses new default policies to make it more
accessible to end users and administrators in a secure way. Please
consider these new defaults if your deployment overrides Domain Config
policies.
deprecations:
- |
[`bug 1805366 <https://bugs.launchpad.net/keystone/+bug/1805366>`_]
The Domain Config API policies have been deprecated. The
``identity:get_domain_config`` policy now uses
``role:reader and system_scope:all`` instead of
``rule:admin_required``.
The ``identity:get_domain_config_default`` policy
now use ``role:reader and system_scope:all`` instead of
``rule:admin_required``.The ``identity:create_domain_config`` policy
now use ``role:admin and system_scope:all`` instead of
``rule:admin_required``. The ``identity:update_domain_config`` policy
now use ``role:admin and system_scope:all`` instead of
``rule:admin_required``.
The ``identity:delete_domain_config`` policy
now uses ``role:admin and system_scope:all`` instead of
``rule:admin_required``.
These new defaults automatically account for system-scope and support
a read-only role, making it easier for system administrators to delegate
subsets of responsibility without compromising security. Please consider
these new defaults if your deployment overrides the domain config policies.
security:
- |
[`bug 1805366 <https://bugs.launchpad.net/keystone/+bug/1805366>`_]
The domain config API now uses system-scope and default roles to
provide better accessibility to users in a secure manner.