Limiting VM access to admin_or_owner in Grizzly
How can I create a rule in nova's policy.json file such that only the owner/admin of the VM can list/edit his VMs? The default behavior is that any user in the tenant can list/edit/delete any VM belonging to other users in the tenant. I want to ensure that only the admin role or the owner of the VM can have access to his instances. I have tried this:
"user": [["user_id:%(user_id)s"]], "admin_or_user": [["role:admin"], ["user_id:%(user_id)s"]],
and then created the rules as:
"compute: delete": "rule: admin_or_user",
But this does not work.
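
A minimal model of how the list-of-lists rule format used in the question is evaluated, added here as an illustration; it is not nova's code and not part of the original post. The users, the instance dict and the `enforce`/`check` helper names are constructed, and the model assumes the target handed to the check is the instance record; an action with no matching key is simply denied here.

```python
# Simplified evaluator for list-of-lists policy rules (added example, not nova's code).
RULES = {
    "user": [["user_id:%(user_id)s"]],
    "admin_or_user": [["role:admin"], ["user_id:%(user_id)s"]],
    "compute:delete": [["rule:admin_or_user"]],
}

# Constructed sample data: one instance and three callers in the same tenant.
INSTANCE = {"project_id": "tenant-1", "user_id": "alice"}
ALICE = {"user_id": "alice", "project_id": "tenant-1", "roles": ["member"]}
BOB = {"user_id": "bob", "project_id": "tenant-1", "roles": ["member"]}
ADMIN = {"user_id": "carol", "project_id": "tenant-1", "roles": ["admin"]}


def check(match, target, creds, rules):
    """Evaluate a single 'kind:value' match string."""
    kind, _, value = match.partition(":")
    if kind == "rule":
        # Reference to another named rule: evaluate it recursively.
        return enforce(value, target, creds, rules)
    if kind == "role":
        return value.lower() in [r.lower() for r in creds.get("roles", [])]
    try:
        # %(user_id)s is filled from the TARGET object, not from the caller.
        expected = value % target
    except KeyError:
        return False  # target lacks the attribute, so the check cannot pass
    # The filled-in value is then compared with the CALLER's credential.
    return kind in creds and str(creds[kind]) == expected


def enforce(action, target, creds, rules=RULES):
    """Outer list is OR, each inner list is AND; an empty list always allows."""
    if action not in rules:
        return False  # simplification: no fallback to a default rule
    groups = rules[action]
    if not groups:
        return True
    return any(all(check(m, target, creds, rules) for m in g) for g in groups)


if __name__ == "__main__":
    for name, creds in (("alice", ALICE), ("bob", BOB), ("admin", ADMIN)):
        print(name, enforce("compute:delete", INSTANCE, creds))
```

The owner check only restricts anything when the target carries the instance owner's `user_id`; if the target is missing that key the check denies every non-admin, and if it is built from the caller's own credentials it passes for everyone.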