qinling/etc/policy.json.sample

{
    "context_is_admin": "role:admin or is_admin:1",
    "owner" : "project_id:%(project_id)s",
    "admin_or_owner": "rule:context_is_admin or rule:owner",
    "default": "rule:admin_or_owner",

    "runtime:create": "rule:context_is_admin",
    "runtime:update": "rule:context_is_admin",
    "runtime:delete": "rule:context_is_admin",

    "function:get_all:all_projects": "rule:context_is_admin",
    "function_worker:get_all": "rule:context_is_admin",
    "function:scale_up": "rule:context_is_admin",
    "function:scale_down": "rule:context_is_admin",
    "function:detach": "rule:context_is_admin",

    "execution:get_all:all_projects": "rule:context_is_admin",

    "webhook:get_all:all_projects": "rule:context_is_admin",

    "job:get_all:all_projects": "rule:context_is_admin",
}