
Policy to control security rule

asked 2017-11-10 12:10:22 -0500

DerpDarako


I would like to add a simple rule in my policy.json.

I would like to remove the ability to create and delete rules inside a security group for a specific role. I checked inside the JSON file and tried to update:

"insert_rule": "rule:admin",
"remove_rule": "rule:admin",

But the project's owner can still add/create rules.

Do you have any idea?

Best regards


2 answers


answered 2017-11-10 16:53:41 -0500


    "create_security_group_rule": "rule:admin_or_owner",
    "delete_security_group_rule": "rule:admin_or_owner",

Try to modify that.


answered 2017-11-14 03:47:00 -0500

DerpDarako

updated 2017-11-14 07:32:31 -0500

I think you are right! Sadly, I use Ocata and these rules don't exist for me!

So the fix is to upgrade to Pike.

Thank you for your help



I guess the insert/remove rules refer to QoS, not secgroups. Indeed, no policy seems to cover secgroups. Did you check the code?

Bernd Bausch ( 2017-11-14 06:53:26 -0500 )

I didn't check the Neutron code. I didn't know where to start.

DerpDarako ( 2017-11-14 07:32:22 -0500 )
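
One way to check which of the keys discussed in this thread a given policy.json actually defines, and what each one resolves to once its `rule:` aliases are inlined. This is an added example, not part of the thread and not Neutron or oslo.policy code: the alias resolver is a simplification, and the sample policies, base aliases and status labels are constructed for illustration.

```python
import json
import re

# Actions named in the first answer on this page.
ACTIONS = ("create_security_group_rule", "delete_security_group_rule")
RULE_REF = re.compile(r"\brule:([A-Za-z0-9_]+)")
OWNER_MATCH = re.compile(r"\b(tenant_id|project_id):%\(")

# Constructed base aliases (assumptions, not taken from the asker's file).
BASE = {"context_is_admin": "role:admin",
        "owner": "tenant_id:%(tenant_id)s",
        "admin_only": "rule:context_is_admin",
        "admin_or_owner": "rule:context_is_admin or rule:owner"}
# Constructed: only the two keys from the question were edited.
EDITED_AS_ASKED = json.dumps(dict(BASE, insert_rule="rule:admin",
                                  remove_rule="rule:admin"))
# Constructed: the keys from the answer, tightened to admin only.
TIGHTENED = json.dumps(dict(BASE,
                            create_security_group_rule="rule:admin_only",
                            delete_security_group_rule="rule:admin_only"))

def expand(policy, expr, seen=()):
    """Inline every rule:NAME alias so the effective check is visible."""
    def repl(match):
        name = match.group(1)
        if name in seen:
            return "<cycle rule:%s>" % name
        if name not in policy:
            return "<undefined rule:%s>" % name
        return "(" + expand(policy, policy[name], seen + (name,)) + ")"
    return RULE_REF.sub(repl, expr)

def audit(policy_text, actions=ACTIONS):
    """Return {action: status} for each action of interest."""
    policy = json.loads(policy_text)
    result = {}
    for action in actions:
        if action not in policy:
            result[action] = "missing"  # the file says nothing about it
            continue
        effective = expand(policy, policy[action])
        if "<undefined" in effective or "<cycle" in effective:
            result[action] = "broken-reference"
        elif OWNER_MATCH.search(effective):
            result[action] = "owner-allowed"  # heuristic: ownership match
        else:
            result[action] = "restricted"
    return result
```

`audit(EDITED_AS_ASKED)` reports both security-group-rule actions as `missing`, the situation in the question where the edited keys are not the ones named in the answer. Passing other action names, such as `("insert_rule",)`, also surfaces aliases that point at a rule the file never defines.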



Asked: 2017-11-10 12:10:22 -0500

Seen: 137 times

Last updated: Nov 14 '17