Regarding Policy.json entries for glance image update not working for a user
Alan Bishop
abishop at redhat.com
Mon Jun 13 13:06:06 UTC 2022
On Mon, Jun 13, 2022 at 6:00 AM Brian Rosmaita <rosmaita.fossdev at gmail.com>
wrote:
> On 6/13/22 8:29 AM, Adivya Singh wrote:
> > hi Team,
> >
> > Any thoughts on this
>
> H Adivya,
>
> Please supply some more information, for example:
>
> - which openstack release you are using
> - the full API request you are making to modify the image
> - the full API response you receive
> - whether the user with "role:user" is in the same project that owns the
> image
> - debug level log extract for this call if you have it
> - anything else that could be relevant, for example, have you modified
> any other policies, and if so, what values are you using now?
>
Also bear in mind that the default policy_file name is "policy.yaml" (not
.json). You either
need to provide a policy.yaml file, or override the policy_file setting if
you really want to
use policy.json.
Alan
cheers,
> brian
>
> >
> > Regards
> > Adivya Singh
> >
> > On Sat, Jun 11, 2022 at 12:40 AM Adivya Singh <adivya1.singh at gmail.com
> > <mailto:adivya1.singh at gmail.com>> wrote:
> >
> > Hi Team,
> >
> > I have a use case where I have to give a user restriction on
> > updating the image properties as a member.
> >
> > I have created a policy Json file and give the modify_image rule to
> > the particular role, but still it is not working
> >
> > "modify_image": "role:user", This role is created in OpenStack.
> >
> > but still it is failing while updating properties with a
> > particular user assigned to a role as "access denied" and
> > unauthorized access
> >
> > Regards
> > Adivya Singh
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220613/6f6fedf1/attachment.htm>
More information about the openstack-discuss
mailing list