Ask Your Question
1

Using "not"/negation rules in Identity Role Based Access Control (RBAC) policies?

asked 2016-07-19 12:22:08 -0500

KamNasim-WRS gravatar image

Hi folks,

I was wondering if it is possible to use negation rules within Keystone's policy.json:

I would like to make a rule that says "only allow deletion of users if user does NOT belong to the services project"

Is this possible? Have others run into similar use cases?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-07-19 16:41:11 -0500

This document explains the policy.json file for Mitaka and indicates the use of 'not' to limit access to APIs.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2016-07-19 12:22:08 -0500

Seen: 33 times

Last updated: Jul 19 '16