nova/releasenotes/notes/os-server-tags-default-policy-change-003a244908a67289.yaml
Sujitha f0c0621aa0 Change os-server-tags default policy
os-server-tags operations should be limited only to admin or owner
of the server. This patch changes the default policy to
from ANY to ADMIN_OR_OWNER.

This patch doesn't address the actual policy check at the API level.
This would be fixed as part of a wider effort. For now, we maintain
consistency with other similar APIs.

Change-Id: If5f48fad9f040dd08060b4a86858a3b223550956
Closes-Bug: #1581203
2017-03-21 14:45:55 +00:00

6 lines
282 B
YAML

upgrade:
- The default policy on os-server-tags has been changed from
``RULE_ANY`` (allow all) to ``RULE_ADMIN_OR_OWNER``. This is because server
tags should only be manipulated on servers owned by the user or admin. This
doesn't have any affect on how the API works.