René Ribaud
f017e23b81
Update the server shares API policies to use PROJECT_READER_OR_ADMIN and PROJECT_MEMBER_OR_ADMIN instead of PROJECT_READER and PROJECT_MEMBER. This aligns the server shares policies with other compute API policies and ensures administrators can list, attach, show and detach shares regardless of project policy overrides. Signed-off-by: René Ribaud <rene.ribaud@gmail.com> Change-Id: I2b237d56b08e3080475dc500e204298018af29c7
14 lines
720 B
YAML
14 lines
720 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The server-shares API policies have been updated to allow admin users
|
|
(those with the role admin) to access them. There are no changes to the
|
|
permissions for project users with the role reader/member. The following
|
|
API policies have been updated from PROJECT_READER/PROJECT_MEMBER to
|
|
PROJECT_READER_OR_ADMIN/PROJECT_MEMBER_OR_ADMIN to facilitate this change.
|
|
|
|
* ``os_compute_api:os-server-shares:index`` → ``PROJECT_READER_OR_ADMIN``
|
|
* ``os_compute_api:os-server-shares:create`` → ``PROJECT_MEMBER_OR_ADMIN``
|
|
* ``os_compute_api:os-server-shares:show`` → ``PROJECT_READER_OR_ADMIN``
|
|
* ``os_compute_api:os-server-shares:delete`` → ``PROJECT_MEMBER_OR_ADMIN``
|