diff --git a/neutron/conf/policies/floatingip.py b/neutron/conf/policies/floatingip.py index 682f9b56d9a..a17acefbbc3 100644 --- a/neutron/conf/policies/floatingip.py +++ b/neutron/conf/policies/floatingip.py @@ -33,7 +33,7 @@ rules = [ 'path': COLLECTION_PATH, }, ], - scope_types=['project'], + scope_types=['system', 'project'], deprecated_rule=policy.DeprecatedRule( name='create_floatingip', check_str=base.RULE_ANY, diff --git a/neutron/conf/policies/network.py b/neutron/conf/policies/network.py index f6ceb4858ec..4297ba79b8c 100644 --- a/neutron/conf/policies/network.py +++ b/neutron/conf/policies/network.py @@ -46,7 +46,7 @@ rules = [ policy.DocumentedRuleDefault( name='create_network', check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER, - scope_types=['project'], + scope_types=['system', 'project'], description='Create a network', operations=ACTION_POST, deprecated_rule=policy.DeprecatedRule( @@ -94,7 +94,7 @@ rules = [ policy.DocumentedRuleDefault( name='create_network:port_security_enabled', check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER, - scope_types=['project'], + scope_types=['system', 'project'], description=( 'Specify ``port_security_enabled`` ' 'attribute when creating a network' @@ -187,7 +187,7 @@ rules = [ policy.DocumentedRuleDefault( name='get_network:router:external', check_str=base.SYSTEM_OR_PROJECT_READER, - scope_types=['project'], + scope_types=['system', 'project'], description='Get ``router:external`` attribute of a network', operations=ACTION_GET, deprecated_rule=policy.DeprecatedRule( diff --git a/neutron/conf/policies/port.py b/neutron/conf/policies/port.py index 53cc4a40b1f..ceb3ad72e59 100644 --- a/neutron/conf/policies/port.py +++ b/neutron/conf/policies/port.py @@ -212,7 +212,7 @@ rules = [ policy.DocumentedRuleDefault( name='create_port:binding:vnic_type', check_str=base.SYSTEM_ADMIN_OR_PROJECT_MEMBER, - scope_types=['project'], + scope_types=['system', 'project'], description=( 'Specify ``binding:vnic_type`` ' 'attribute when creating a port'