[openstack-dev] [Ceilometer] Policy Issue

ZhiQiang Fan aji.zqfan at gmail.com
Mon Feb 10 03:18:57 UTC 2014


Hi,

I noticed that the Ceilometer project has no strict policy control: the
/etc/ceilometer/policy.json only has one single rule, 'context_is_admin',
and for each specific resource operation it invokes acl.get_limit_to
and v2._verify_query_segregation to forbid non-admin roles from operating on other
tenants' resources, so a normal user has full privilege to CRUD all resources
in his own tenant, which means he can delete alarms created by
other users (verified in a deployed Havana environment). This sounds not so
good.

So, is this loose policy limit designed purposely, or is it just a simple
implementation of policy?

In other core projects (except Heat), e.g. Neutron, the policy is very
detailed; a resource operation policy can even focus on an attribute. And
the verification is not defined in the specific operation's code but calls a
function which checks the rules defined in policy.json.

So, is there any opportunity to implement stricter policy checks, e.g.
a normal user can read resources created by other users (to be
stricter, this could be disabled too), but has read+write only for his own?

I'd like to get some help or advice before creating a blueprint.

Thanks
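As an added illustration (not code from this mail, from Ceilometer or from oslo's policy module), a toy evaluator for policy.json-style rules that contrasts the single-rule policy plus tenant segregation described above with a hypothetical per-resource owner rule. The rule names `alarm:get`, `alarm:delete` and `admin_or_owner`, and the `default` rule standing in for the acl.get_limit_to tenant check, are assumptions for the example, not Ceilometer's real policy targets.

```python
"""Toy evaluator for policy.json-style rules (illustrative, not oslo.policy).

Supported syntax: "role:NAME", "rule:NAME" (reference to another rule),
"ATTR:%(ATTR)s" (caller credential must equal the target's attribute),
joined with "and" / "or" ("and" binds tighter). Missing rule => deny.
"""
import re

# Loose policy as the mail describes it: one admin rule; the hypothetical
# "default" rule models the tenant segregation done in code, so any member
# of the tenant may delete any alarm in it.
LOOSE_POLICY = {
    "context_is_admin": "role:admin",
    "default": "rule:context_is_admin or project_id:%(project_id)s",
}

# Stricter hypothetical policy: tenant-wide read, owner-only write.
STRICT_POLICY = {
    "context_is_admin": "role:admin",
    "admin_or_owner": "rule:context_is_admin or user_id:%(user_id)s",
    "alarm:get": "project_id:%(project_id)s",
    "alarm:delete": "rule:admin_or_owner",
}


def _check_atom(atom, policy, creds, target):
    """Evaluate a single 'kind:value' atom."""
    kind, _, value = atom.strip().partition(":")
    if kind == "rule":
        return enforce(policy, value, creds, target)
    if kind == "role":
        return value in creds.get("roles", [])
    # Generic attribute match, e.g. user_id:%(user_id)s substitutes the
    # target's user_id and compares it with the caller's credential.
    return str(creds.get(kind)) == value % target


def enforce(policy, action, creds, target):
    """Return True if creds may perform action on target under policy.

    Unknown actions fall back to the 'default' rule; with no default the
    action is denied (fail closed).
    """
    rule = policy.get(action, policy.get("default"))
    if rule is None:
        return False
    for disjunct in re.split(r"\s+or\s+", rule):
        if all(_check_atom(a, policy, creds, target)
               for a in re.split(r"\s+and\s+", disjunct)):
            return True
    return False
```

With the constructed credentials in the test, a tenant member deleting another user's alarm is allowed under LOOSE_POLICY and denied under STRICT_POLICY, while reads within the tenant and admin access stay allowed.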