The nova_policy.json file defines
additional access controls for the dashboard that apply to
the Compute service.
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
The |
{
"context_is_admin":"role:admin",
"admin_or_owner":"is_admin:True or project_id:%(project_id)s",
"default":"rule:admin_or_owner",
"cells_scheduler_filter:TargetCellFilter":"is_admin:True",
"compute:create":"",
"compute:create:attach_network":"",
"compute:create:attach_volume":"",
"compute:create:forced_host":"is_admin:True",
"compute:get_all":"",
"compute:get_all_tenants":"",
"compute:unlock_override":"rule:admin_api",
"compute:shelve":"",
"compute:shelve_offload":"",
"compute:unshelve":"",
"admin_api":"is_admin:True",
"compute_extension:accounts":"rule:admin_api",
"compute_extension:admin_actions":"rule:admin_api",
"compute_extension:admin_actions:pause":"rule:admin_or_owner",
"compute_extension:admin_actions:unpause":"rule:admin_or_owner",
"compute_extension:admin_actions:suspend":"rule:admin_or_owner",
"compute_extension:admin_actions:resume":"rule:admin_or_owner",
"compute_extension:admin_actions:lock":"rule:admin_or_owner",
"compute_extension:admin_actions:unlock":"rule:admin_or_owner",
"compute_extension:admin_actions:resetNetwork":"rule:admin_api",
"compute_extension:admin_actions:injectNetworkInfo":"rule:admin_api",
"compute_extension:admin_actions:createBackup":"rule:admin_or_owner",
"compute_extension:admin_actions:migrateLive":"rule:admin_api",
"compute_extension:admin_actions:resetState":"rule:admin_api",
"compute_extension:admin_actions:migrate":"rule:admin_api",
"compute_extension:v3:os-admin-actions":"rule:admin_api",
"compute_extension:v3:os-admin-actions:pause":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unpause":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:suspend":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:resume":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:lock":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:unlock":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:reset_network":"rule:admin_api",
"compute_extension:v3:os-admin-actions:inject_network_info":"rule:admin_api",
"compute_extension:v3:os-admin-actions:create_backup":"rule:admin_or_owner",
"compute_extension:v3:os-admin-actions:migrate_live":"rule:admin_api",
"compute_extension:v3:os-admin-actions:reset_state":"rule:admin_api",
"compute_extension:v3:os-admin-actions:migrate":"rule:admin_api",
"compute_extension:v3:os-admin-password":"",
"compute_extension:aggregates":"rule:admin_api",
"compute_extension:v3:os-aggregates":"rule:admin_api",
"compute_extension:agents":"rule:admin_api",
"compute_extension:v3:os-agents":"rule:admin_api",
"compute_extension:attach_interfaces":"",
"compute_extension:v3:os-attach-interfaces":"",
"compute_extension:baremetal_nodes":"rule:admin_api",
"compute_extension:v3:os-baremetal-nodes":"rule:admin_api",
"compute_extension:cells":"rule:admin_api",
"compute_extension:v3:os-cells":"rule:admin_api",
"compute_extension:certificates":"",
"compute_extension:v3:os-certificates":"",
"compute_extension:cloudpipe":"rule:admin_api",
"compute_extension:cloudpipe_update":"rule:admin_api",
"compute_extension:console_output":"",
"compute_extension:v3:consoles:discoverable":"",
"compute_extension:v3:os-console-output":"",
"compute_extension:consoles":"",
"compute_extension:v3:os-remote-consoles":"",
"compute_extension:coverage_ext":"rule:admin_api",
"compute_extension:v3:os-coverage":"rule:admin_api",
"compute_extension:createserverext":"",
"compute_extension:deferred_delete":"",
"compute_extension:v3:os-deferred-delete":"",
"compute_extension:disk_config":"",
"compute_extension:evacuate":"rule:admin_api",
"compute_extension:v3:os-evacuate":"rule:admin_api",
"compute_extension:extended_server_attributes":"rule:admin_api",
"compute_extension:v3:os-extended-server-attributes":"rule:admin_api",
"compute_extension:extended_status":"",
"compute_extension:v3:os-extended-status":"",
"compute_extension:extended_availability_zone":"",
"compute_extension:v3:os-extended-availability-zone":"",
"compute_extension:extended_ips":"",
"compute_extension:extended_ips_mac":"",
"compute_extension:extended_vif_net":"",
"compute_extension:v3:extension_info:discoverable":"",
"compute_extension:extended_volumes":"",
"compute_extension:v3:os-extended-volumes":"",
"compute_extension:v3:os-extended-volumes:attach":"",
"compute_extension:v3:os-extended-volumes:detach":"",
"compute_extension:fixed_ips":"rule:admin_api",
"compute_extension:v3:os-fixed-ips:discoverable":"",
"compute_extension:v3:os-fixed-ips":"rule:admin_api",
"compute_extension:flavor_access":"",
"compute_extension:v3:os-flavor-access":"",
"compute_extension:flavor_disabled":"",
"compute_extension:v3:os-flavor-disabled":"",
"compute_extension:flavor_rxtx":"",
"compute_extension:v3:os-flavor-rxtx":"",
"compute_extension:flavor_swap":"",
"compute_extension:flavorextradata":"",
"compute_extension:flavorextraspecs:index":"",
"compute_extension:flavorextraspecs:show":"",
"compute_extension:flavorextraspecs:create":"rule:admin_api",
"compute_extension:flavorextraspecs:update":"rule:admin_api",
"compute_extension:flavorextraspecs:delete":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:index":"",
"compute_extension:v3:flavor-extra-specs:show":"",
"compute_extension:v3:flavor-extra-specs:create":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:update":"rule:admin_api",
"compute_extension:v3:flavor-extra-specs:delete":"rule:admin_api",
"compute_extension:flavormanage":"rule:admin_api",
"compute_extension:floating_ip_dns":"",
"compute_extension:floating_ip_pools":"",
"compute_extension:floating_ips":"",
"compute_extension:floating_ips_bulk":"rule:admin_api",
"compute_extension:fping":"",
"compute_extension:fping:all_tenants":"rule:admin_api",
"compute_extension:hide_server_addresses":"is_admin:False",
"compute_extension:v3:os-hide-server-addresses":"is_admin:False",
"compute_extension:hosts":"rule:admin_api",
"compute_extension:v3:os-hosts":"rule:admin_api",
"compute_extension:hypervisors":"rule:admin_api",
"compute_extension:v3:os-hypervisors":"rule:admin_api",
"compute_extension:image_size":"",
"compute_extension:v3:os-image-metadata":"",
"compute_extension:v3:os-images":"",
"compute_extension:instance_actions":"",
"compute_extension:v3:os-instance-actions":"",
"compute_extension:instance_actions:events":"rule:admin_api",
"compute_extension:v3:os-instance-actions:events":"rule:admin_api",
"compute_extension:instance_usage_audit_log":"rule:admin_api",
"compute_extension:v3:os-instance-usage-audit-log":"rule:admin_api",
"compute_extension:v3:ips:discoverable":"",
"compute_extension:keypairs":"",
"compute_extension:keypairs:index":"",
"compute_extension:keypairs:show":"",
"compute_extension:keypairs:create":"",
"compute_extension:keypairs:delete":"",
"compute_extension:v3:os-keypairs:discoverable":"",
"compute_extension:v3:os-keypairs":"",
"compute_extension:v3:os-keypairs:index":"",
"compute_extension:v3:os-keypairs:show":"",
"compute_extension:v3:os-keypairs:create":"",
"compute_extension:v3:os-keypairs:delete":"",
"compute_extension:multinic":"",
"compute_extension:v3:os-multinic":"",
"compute_extension:networks":"rule:admin_api",
"compute_extension:networks:view":"",
"compute_extension:networks_associate":"rule:admin_api",
"compute_extension:quotas:show":"",
"compute_extension:quotas:update":"rule:admin_api",
"compute_extension:quotas:delete":"rule:admin_api",
"compute_extension:v3:os-quota-sets:show":"",
"compute_extension:v3:os-quota-sets:update":"rule:admin_api",
"compute_extension:v3:os-quota-sets:delete":"rule:admin_api",
"compute_extension:quota_classes":"",
"compute_extension:v3:os-quota-class-sets":"",
"compute_extension:rescue":"",
"compute_extension:v3:os-rescue":"",
"compute_extension:security_group_default_rules":"rule:admin_api",
"compute_extension:security_groups":"",
"compute_extension:v3:os-security-groups":"",
"compute_extension:server_diagnostics":"rule:admin_api",
"compute_extension:v3:os-server-diagnostics":"rule:admin_api",
"compute_extension:server_password":"",
"compute_extension:v3:os-server-password":"",
"compute_extension:server_usage":"",
"compute_extension:v3:os-server-usage":"",
"compute_extension:services":"rule:admin_api",
"compute_extension:v3:os-services":"rule:admin_api",
"compute_extension:v3:servers:discoverable":"",
"compute_extension:shelve":"",
"compute_extension:shelveOffload":"rule:admin_api",
"compute_extension:v3:os-shelve:shelve":"",
"compute_extension:v3:os-shelve:shelve_offload":"rule:admin_api",
"compute_extension:simple_tenant_usage:show":"rule:admin_or_owner",
"compute_extension:v3:os-simple-tenant-usage:show":"rule:admin_or_owner",
"compute_extension:simple_tenant_usage:list":"rule:admin_api",
"compute_extension:v3:os-simple-tenant-usage:list":"rule:admin_api",
"compute_extension:unshelve":"",
"compute_extension:v3:os-shelve:unshelve":"",
"compute_extension:users":"rule:admin_api",
"compute_extension:virtual_interfaces":"",
"compute_extension:virtual_storage_arrays":"",
"compute_extension:volumes":"",
"compute_extension:volume_attachments:index":"",
"compute_extension:volume_attachments:show":"",
"compute_extension:volume_attachments:create":"",
"compute_extension:volume_attachments:update":"",
"compute_extension:volume_attachments:delete":"",
"compute_extension:volumetypes":"",
"compute_extension:availability_zone:list":"",
"compute_extension:v3:os-availability-zone:list":"",
"compute_extension:availability_zone:detail":"rule:admin_api",
"compute_extension:v3:os-availability-zone:detail":"rule:admin_api",
"compute_extension:used_limits_for_admin":"rule:admin_api",
"compute_extension:v3:os-used-limits":"",
"compute_extension:v3:os-used-limits:tenant":"rule:admin_api",
"compute_extension:migrations:index":"rule:admin_api",
"compute_extension:v3:os-migrations:index":"rule:admin_api",
"volume:create":"",
"volume:get_all":"",
"volume:get_volume_metadata":"",
"volume:get_snapshot":"",
"volume:get_all_snapshots":"",
"volume_extension:types_manage":"rule:admin_api",
"volume_extension:types_extra_specs":"rule:admin_api",
"volume_extension:volume_admin_actions:reset_status":"rule:admin_api",
"volume_extension:snapshot_admin_actions:reset_status":"rule:admin_api",
"volume_extension:volume_admin_actions:force_delete":"rule:admin_api",
"network:get_all":"",
"network:get":"",
"network:create":"",
"network:delete":"",
"network:associate":"",
"network:disassociate":"",
"network:get_vifs_by_instance":"",
"network:allocate_for_instance":"",
"network:deallocate_for_instance":"",
"network:validate_networks":"",
"network:get_instance_uuids_by_ip_filter":"",
"network:get_instance_id_by_floating_address":"",
"network:setup_networks_on_host":"",
"network:get_backdoor_port":"",
"network:get_floating_ip":"",
"network:get_floating_ip_pools":"",
"network:get_floating_ip_by_address":"",
"network:get_floating_ips_by_project":"",
"network:get_floating_ips_by_fixed_address":"",
"network:allocate_floating_ip":"",
"network:deallocate_floating_ip":"",
"network:associate_floating_ip":"",
"network:disassociate_floating_ip":"",
"network:release_floating_ip":"",
"network:migrate_instance_start":"",
"network:migrate_instance_finish":"",
"network:get_fixed_ip":"",
"network:get_fixed_ip_by_address":"",
"network:add_fixed_ip_to_instance":"",
"network:remove_fixed_ip_from_instance":"",
"network:add_network_to_project":"",
"network:get_instance_nw_info":"",
"network:get_dns_domains":"",
"network:add_dns_entry":"",
"network:modify_dns_entry":"",
"network:delete_dns_entry":"",
"network:get_dns_entries_by_address":"",
"network:get_dns_entries_by_name":"",
"network:create_private_dns_domain":"",
"network:create_public_dns_domain":"",
"network:delete_dns_domain":""
}
