Using "not"/negation rules in Identity Role Based Access Control (RBAC) policies?

asked 2016-07-19 12:22:08 -0500

KamNasim-WRS

Hi folks,

I was wondering if it is possible to use negation rules within Keystone's policy.json:

I would like to make a rule that says "only allow deletion of users if user does NOT belong to the services project"

Is this possible? Have others run into similar use cases?


1 answer


answered 2016-07-19 16:41:11 -0500

This document explains the policy.json file for Mitaka and indicates the use of 'not' to limit access to APIs.

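The `not` operator the answer refers to, modelled in a small Python evaluator (an added example, not code from the original page, Keystone or oslo.policy). The rule names other than `identity:delete_user`, the `SERVICES_PROJECT_ID` placeholder, the use of `target.user.default_project_id` to stand for project membership, and the `required` parameter are assumptions; the evaluator treats a missing target attribute as a failed check, so a negated check on it evaluates to allow.

```python
# Simplified model of the policy rule language: "not" > "and" > "or", no parentheses.
KEY = "target.user.default_project_id"  # assumed attribute representing membership

RULES = {  # constructed rules; SERVICES_PROJECT_ID is a placeholder, not a real ID
    "admin_required": "role:admin",
    "target_in_services": "'SERVICES_PROJECT_ID':%(" + KEY + ")s",
    "identity:delete_user": "rule:admin_required and not rule:target_in_services",
}

def check(token, creds, target):
    """Evaluate one 'kind:match' check against credentials and target."""
    kind, _, match = token.partition(":")
    if kind == "rule":
        return evaluate(RULES[match], creds, target)
    if kind == "role":
        return match in creds.get("roles", [])
    try:
        match = match % target            # substitute %(key)s from the target
    except KeyError:
        return False                      # assumed: missing attribute fails the check
    if kind.startswith("'"):
        return kind.strip("'") == match   # quoted literal on the left-hand side
    return kind in creds and str(creds[kind]) == match

def term_ok(term, creds, target):
    """Handle a leading 'not' by inverting the inner check."""
    term = term.strip()
    if term.startswith("not "):
        return not term_ok(term[4:], creds, target)
    return check(term, creds, target)

def evaluate(rule, creds, target):
    """True if any 'or' branch has all of its 'and' terms satisfied."""
    return any(
        all(term_ok(t, creds, target) for t in branch.split(" and "))
        for branch in rule.split(" or ")
    )

def enforce(name, creds, target, required=()):
    """Hypothetical hardening: deny when data a negated check relies on is absent."""
    if any(k not in target for k in required):
        return False
    return evaluate(RULES[name], creds, target)

if __name__ == "__main__":
    admin = {"roles": ["admin"]}
    print(enforce("identity:delete_user", admin, {KEY: "SERVICES_PROJECT_ID"}))
    print(enforce("identity:delete_user", admin, {}))                   # fail-open
    print(enforce("identity:delete_user", admin, {}, required=(KEY,)))  # denied
```

When writing a negated rule, test it against a request whose target lacks the attribute, not only against matching and non-matching values.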


Asked: 2016-07-19 12:22:08 -0500

Seen: 65 times

Last updated: Jul 19 '16