Allow domain admin to view roles
Domain admins are allowed to assign roles. So it should be allowed to view roles. Closes-Bug: #2059780 Change-Id: Ifc25cf32ffcdb3b8a62d6741bc38e14bca0d7763
This commit is contained in:
parent
7a6e1a0bdc
commit
9162501c5f
|
@ -85,7 +85,7 @@ role_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_role',
|
||||
check_str=base.RULE_ADMIN_OR_SYSTEM_READER,
|
||||
scope_types=['system', 'project'],
|
||||
scope_types=['system', 'domain', 'project'],
|
||||
description='Show role details.',
|
||||
operations=[{'path': '/v3/roles/{role_id}',
|
||||
'method': 'GET'},
|
||||
|
@ -95,7 +95,7 @@ role_policies = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_roles',
|
||||
check_str=base.RULE_ADMIN_OR_SYSTEM_READER,
|
||||
scope_types=['system', 'project'],
|
||||
scope_types=['system', 'domain', 'project'],
|
||||
description='List roles.',
|
||||
operations=[{'path': '/v3/roles',
|
||||
'method': 'GET'},
|
||||
|
|
Loading…
Reference in New Issue