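The keystone_policy.json file defines additional access controls for the dashboard that apply to the Identity service.

Each key in the file names a rule or an API action, and its value is a list of alternatives: the check passes if any one inner list passes, and an inner list passes only if all of its entries do. An entry such as "role:admin" matches a role held by the caller, "rule:NAME" refers to another rule in the same file, and "user_id:%(user_id)s" passes only when the caller's user ID equals the user ID of the target of the request. The "default" rule applies to any action that has no entry of its own; here it is "rule:admin_required", so unlisted actions are denied to non-administrators. The "@" check always passes, so for the trust actions that use it (for example "identity:delete_trust") the policy file itself imposes no restriction.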
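**Note:** The dashboard evaluates this file on its own side; the Identity service enforces its own policy when the API request arrives. Keep the two in agreement, and treat the Identity service's policy as the authoritative access control.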
{ "admin_required":[ [ "role:admin" ], [ "is_admin:1" ] ], "service_role":[ [ "role:service" ] ], "service_or_admin":[ [ "rule:admin_required" ], [ "rule:service_role" ] ], "owner":[ [ "user_id:%(user_id)s" ] ], "admin_or_owner":[ [ "rule:admin_required" ], [ "rule:owner" ] ], "default":[ [ "rule:admin_required" ] ], "identity:get_service":[ [ "rule:admin_required" ] ], "identity:list_services":[ [ "rule:admin_required" ] ], "identity:create_service":[ [ "rule:admin_required" ] ], "identity:update_service":[ [ "rule:admin_required" ] ], "identity:delete_service":[ [ "rule:admin_required" ] ], "identity:get_endpoint":[ [ "rule:admin_required" ] ], "identity:list_endpoints":[ [ "rule:admin_required" ] ], "identity:create_endpoint":[ [ "rule:admin_required" ] ], "identity:update_endpoint":[ [ "rule:admin_required" ] ], "identity:delete_endpoint":[ [ "rule:admin_required" ] ], "identity:get_domain":[ [ "rule:admin_required" ] ], "identity:list_domains":[ [ "rule:admin_required" ] ], "identity:create_domain":[ [ "rule:admin_required" ] ], "identity:update_domain":[ [ "rule:admin_required" ] ], "identity:delete_domain":[ [ "rule:admin_required" ] ], "identity:get_project":[ [ "rule:admin_required" ] ], "identity:list_projects":[ [ "rule:admin_required" ] ], "identity:list_user_projects":[ [ "rule:admin_or_owner" ] ], "identity:create_project":[ [ "rule:admin_required" ] ], "identity:update_project":[ [ "rule:admin_required" ] ], "identity:delete_project":[ [ "rule:admin_required" ] ], "identity:get_user":[ [ "rule:admin_required" ] ], "identity:list_users":[ [ "rule:admin_required" ] ], "identity:create_user":[ [ "rule:admin_required" ] ], "identity:update_user":[ [ "rule:admin_or_owner" ] ], "identity:delete_user":[ [ "rule:admin_required" ] ], "identity:get_group":[ [ "rule:admin_required" ] ], "identity:list_groups":[ [ "rule:admin_required" ] ], "identity:list_groups_for_user":[ [ "rule:admin_or_owner" ] ], "identity:create_group":[ [ "rule:admin_required" ] ], 
"identity:update_group":[ [ "rule:admin_required" ] ], "identity:delete_group":[ [ "rule:admin_required" ] ], "identity:list_users_in_group":[ [ "rule:admin_required" ] ], "identity:remove_user_from_group":[ [ "rule:admin_required" ] ], "identity:check_user_in_group":[ [ "rule:admin_required" ] ], "identity:add_user_to_group":[ [ "rule:admin_required" ] ], "identity:get_credential":[ [ "rule:admin_required" ] ], "identity:list_credentials":[ [ "rule:admin_required" ] ], "identity:create_credential":[ [ "rule:admin_required" ] ], "identity:update_credential":[ [ "rule:admin_required" ] ], "identity:delete_credential":[ [ "rule:admin_required" ] ], "identity:get_role":[ [ "rule:admin_required" ] ], "identity:list_roles":[ [ "rule:admin_required" ] ], "identity:create_role":[ [ "rule:admin_required" ] ], "identity:update_role":[ [ "rule:admin_required" ] ], "identity:delete_role":[ [ "rule:admin_required" ] ], "identity:check_grant":[ [ "rule:admin_required" ] ], "identity:list_grants":[ [ "rule:admin_required" ] ], "identity:create_grant":[ [ "rule:admin_required" ] ], "identity:revoke_grant":[ [ "rule:admin_required" ] ], "identity:list_role_assignments":[ [ "rule:admin_required" ] ], "identity:get_policy":[ [ "rule:admin_required" ] ], "identity:list_policies":[ [ "rule:admin_required" ] ], "identity:create_policy":[ [ "rule:admin_required" ] ], "identity:update_policy":[ [ "rule:admin_required" ] ], "identity:delete_policy":[ [ "rule:admin_required" ] ], "identity:check_token":[ [ "rule:admin_required" ] ], "identity:validate_token":[ [ "rule:service_or_admin" ] ], "identity:validate_token_head":[ [ "rule:service_or_admin" ] ], "identity:revocation_list":[ [ "rule:service_or_admin" ] ], "identity:revoke_token":[ [ "rule:admin_or_owner" ] ], "identity:create_trust":[ [ "user_id:%(trust.trustor_user_id)s" ] ], "identity:get_trust":[ [ "rule:admin_or_owner" ] ], "identity:list_trusts":[ [ "@" ] ], "identity:list_roles_for_trust":[ [ "@" ] ], 
"identity:check_role_for_trust":[ [ "@" ] ], "identity:get_role_for_trust":[ [ "@" ] ], "identity:delete_trust":[ [ "@" ] ] }