Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Restricting policy by operation

Some of the various policies don't stipulate the operation (GET, POST, PUT). For our immediate purpose, we are trying to create an auditor role that does GETs only so it can check services running.

In the nova policy file: "os_compute_api:os-services": "rule:admin_api or role:auditor"

We want to restrict role:auditor to GET only. The documentation doesn't mention any method to do this unless we get into RBAC.

Is this possible in the policies?

Thanks!