Hi,
You will find your policy.json file in /etc/keystone/
This file is used for role-based access control in the Keystone service, and in it you will find all the actions offered by Keystone.
Here is a link about RBAC in Keystone that you can have a look at if you like: Identity API protection with role-based access control (RBAC)
I have some suggestions about how to add a new role for a new action; I hope this is of some help to you.
- Create a new role in Keystone, using the command "openstack role create";
- Open the file "/etc/keystone/policy.json" and add these lines, supposing the name of your newly created role is "custome":
1) "custome_role": "role:custome", (this line could be added near the line "service_role": "role:service",)
Notice: You will see that in the policy.json file there are some other rules that combine several roles together. It is up to your usage; if you want, you could give that a try.
2) "identity:list_custom_entities": "rule:custome_role",
This is the basic way to add a new action to the Keystone policy file and limit it to a customized role.
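A pre-deployment check for the kind of edit described in the post above, as an added example that is not part of the original post and not Keystone or oslo.policy code: it parses a policy.json and reports checks that are malformed or that point at a rule alias that is not defined. It assumes checks are written as kind:match with no whitespace inside a check; the function name and the sample policy (including its two deliberate mistakes) are constructed for illustration.

```python
import json
import re

# Constructed sample: the two entries from the post, plus two entries with
# deliberate mistakes (a space after "rule:" and a misspelled alias).
SAMPLE_POLICY = """
{
    "admin_required": "role:admin",
    "service_role": "role:service",
    "custome_role": "role:custome",
    "identity:list_custom_entities": "rule:custome_role",
    "identity:get_custom_entity": "rule: custome_role",
    "identity:delete_custom_entity": "rule:admin_required or rule:custom_role"
}
"""

OPERATORS = {"and", "or", "not"}
LITERALS = {"@", "!"}  # "always allow" / "always deny"


def lint_policy(text):
    """Return (target, problem) pairs for checks that cannot resolve.

    Simplified linter (assumption: string rules of the form kind:match
    joined by and/or/not and parentheses); not the oslo.policy parser.
    """
    policy = json.loads(text)  # also rejects trailing commas and bad quoting
    problems = []
    for target, expr in policy.items():
        if not isinstance(expr, str) or not expr:
            continue  # empty or list-style rules are out of scope here
        for token in re.sub(r"[()]", " ", expr).split():
            if token.lower() in OPERATORS or token in LITERALS:
                continue
            kind, sep, match = token.partition(":")
            if not sep or not kind or not match:
                problems.append((target, f"malformed check {token!r}"))
            elif kind == "rule" and match not in policy:
                problems.append((target, f"undefined rule {match!r}"))
    return problems


if __name__ == "__main__":
    for target, problem in lint_policy(SAMPLE_POLICY):
        print(f"{target}: {problem}")
```

Running it against a copy of /etc/keystone/policy.json before restarting Keystone catches a misspelled alias that would otherwise leave the new action unusable or unprotected by the intended role.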