Allow users with "admin" role to get projects
This patch modifies the policy for identity:get_project to allow a user with the "admin" role to retrieve any project by project_id for Secure RBAC (Phase 1) Change-Id: I6442557701284572759da1354e6547f57186935f
This commit is contained in:
parent
5a97b7d847
commit
0340121042
|
@ -154,7 +154,7 @@ automatically.
|
|||
project_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_project',
|
||||
check_str=SYSTEM_READER_OR_DOMAIN_READER_OR_PROJECT_USER,
|
||||
check_str=ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_OR_PROJECT_USER,
|
||||
scope_types=['system', 'domain', 'project'],
|
||||
description='Show project details.',
|
||||
operations=[{'path': '/v3/projects/{project_id}',
|
||||
|
|
Loading…
Reference in New Issue