Revision history [back]

click to hide/show revision 1
initial version

Every service has policy.json which defines policies for accessing API. If you don't want others to upload the images than you can allow only admin to upload images by modifying the /etc/glance/policy.json file such that users having admin role can use add_image api. So this way you can restrict users other than admin to upload images.

Every service has policy.json which defines policies for accessing API. If you don't want others to upload the images than you can allow only admin to upload images by modifying the /etc/glance/policy.json file such that users having admin role can use add_image api. So this way you can restrict users other than admin to upload images.

Usually at the beginning of the file they define an entry that corresponds to admin role. In OpenStack documentation(http://docs.openstack.org/trunk/config-reference/content/section_glance-policy.json.html), it is "context_is_admin" therefor you can replace the entry having add_image API with "add_image": "rule:context_is_admin".

Every service has policy.json which defines policies for accessing API. If you don't want others to upload the images than you can allow only admin to upload images by modifying the /etc/glance/policy.json file such that users having admin role only they can use add_image api. So this way you can restrict users other than admin to upload images.

Usually at the beginning of the file they define an entry that corresponds to admin role. In OpenStack documentation(http://docs.openstack.org/trunk/config-reference/content/section_glance-policy.json.html), it is "context_is_admin" therefor you can replace the entry having add_image API with "add_image": "rule:context_is_admin".