{ "context_is_admin": "role:admin and is_admin_project:True", "project_admin": "role:admin", "deny_stack_user": "not role:heat_stack_user", "deny_everybody": "!", "cloudformation:ListStacks": "rule:deny_stack_user", "cloudformation:CreateStack": "rule:deny_stack_user", "cloudformation:DescribeStacks": "rule:deny_stack_user", "cloudformation:DeleteStack": "rule:deny_stack_user", "cloudformation:UpdateStack": "rule:deny_stack_user", "cloudformation:CancelUpdateStack": "rule:deny_stack_user", "cloudformation:DescribeStackEvents": "rule:deny_stack_user", "cloudformation:ValidateTemplate": "rule:deny_stack_user", "cloudformation:GetTemplate": "rule:deny_stack_user", "cloudformation:EstimateTemplateCost": "rule:deny_stack_user", "cloudformation:DescribeStackResource": "", "cloudformation:DescribeStackResources": "rule:deny_stack_user", "cloudformation:ListStackResources": "rule:deny_stack_user", "cloudwatch:DeleteAlarms": "rule:deny_stack_user", "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user", "cloudwatch:DescribeAlarms": "rule:deny_stack_user", "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user", "cloudwatch:DisableAlarmActions": "rule:deny_stack_user", "cloudwatch:EnableAlarmActions": "rule:deny_stack_user", "cloudwatch:GetMetricStatistics": "rule:deny_stack_user", "cloudwatch:ListMetrics": "rule:deny_stack_user", "cloudwatch:PutMetricAlarm": "rule:deny_stack_user", "cloudwatch:PutMetricData": "", "cloudwatch:SetAlarmState": "rule:deny_stack_user", "actions:action": "rule:deny_stack_user", "build_info:build_info": "rule:deny_stack_user", "events:index": "rule:deny_stack_user", "events:show": "rule:deny_stack_user", "resource:index": "rule:deny_stack_user", "resource:metadata": "", "resource:signal": "", "resource:mark_unhealthy": "rule:deny_stack_user", "resource:show": "rule:deny_stack_user", "stacks:abandon": "rule:deny_stack_user", "stacks:create": "rule:deny_stack_user", "stacks:delete": "rule:deny_stack_user", "stacks:detail": "rule:deny_stack_user", "stacks:export": "rule:deny_stack_user", "stacks:generate_template": "rule:deny_stack_user", "stacks:global_index": "rule:deny_stack_user", "stacks:index": "rule:deny_stack_user", "stacks:list_resource_types": "rule:deny_stack_user", "stacks:list_template_versions": "rule:deny_stack_user", "stacks:list_template_functions": "rule:deny_stack_user", "stacks:lookup": "", "stacks:preview": "rule:deny_stack_user", "stacks:resource_schema": "rule:deny_stack_user", "stacks:show": "rule:deny_stack_user", "stacks:template": "rule:deny_stack_user", "stacks:environment": "rule:deny_stack_user", "stacks:files": "rule:deny_stack_user", "stacks:update": "rule:deny_stack_user", "stacks:update_patch": "rule:deny_stack_user", "stacks:preview_update": "rule:deny_stack_user", "stacks:preview_update_patch": "rule:deny_stack_user", "stacks:validate_template": "rule:deny_stack_user", "stacks:snapshot": "rule:deny_stack_user", "stacks:show_snapshot": "rule:deny_stack_user", "stacks:delete_snapshot": "rule:deny_stack_user", "stacks:list_snapshots": "rule:deny_stack_user", "stacks:restore_snapshot": "rule:deny_stack_user", "stacks:list_outputs": "rule:deny_stack_user", "stacks:show_output": "rule:deny_stack_user", "software_configs:global_index": "rule:deny_stack_user", "software_configs:index": "rule:deny_stack_user", "software_configs:create": "rule:deny_stack_user", "software_configs:show": "rule:deny_stack_user", "software_configs:delete": "rule:deny_stack_user", "software_deployments:index": "rule:deny_stack_user", "software_deployments:create": "rule:deny_stack_user", "software_deployments:show": "rule:deny_stack_user", "software_deployments:update": "rule:deny_stack_user", "software_deployments:delete": "rule:deny_stack_user", "software_deployments:metadata": "", "service:index": "rule:context_is_admin", "resource_types:OS::Nova::Flavor": "rule:project_admin", "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin", "resource_types:OS::Cinder::VolumeType": "rule:project_admin", "resource_types:OS::Manila::ShareType": "rule:project_admin", "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin", "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin", "resource_types:OS::Nova::HostAggregate": "rule:project_admin" }