Change abandoned by Matt Riedemann (mriedem at us.ibm.com) on branch: master
Review: https://review.openstack.org/130854
Reason: Going to abandon for Matthew's more targeted fix:

https://review.openstack.org/#/c/132097/

https://bugs.launchpad.net/bugs/1376915

Title:
  Ceilometer policy file settings ignored

Status in OpenStack Telemetry (Ceilometer):
  In Progress
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  Configuring the ceilometer policy.json file to restrict certain
  actions has no effect whatsoever. This allows all users access to
  sensitive information, such as audit data stored in the http.request
  meter.

  E.g. policy.json file:

  {
      "adm": "role:admin",
      "default": "!",
      "meter:get_all": "rule:adm",
      "meters:get_all": "rule:adm"
  }

  With the above policy, tokens for users without the admin role are
  still able to access meters, and any token still works for alarms
  despite the default supposedly being to disallow for everyone.
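
As an added example (not part of the bug report and not Ceilometer's or oslo's code), this simplified evaluator shows the decisions the reported policy.json should produce once it is enforced, which can serve as the expected values for a regression check. It handles only a subset of the policy rule language; the credentials and the `alarms:get_all` action name are constructed for illustration.

```python
# The policy.json from the bug report above, as a dict.
POLICY = {
    "adm": "role:admin",
    "default": "!",
    "meter:get_all": "rule:adm",
    "meters:get_all": "rule:adm",
}


def check(expr, creds, rules, seen=()):
    """Evaluate '!', '@', 'role:x', 'rule:x' joined by 'or'/'and' (no parens, no 'not')."""
    expr = expr.strip()
    if " or " in expr:
        return any(check(p, creds, rules, seen) for p in expr.split(" or "))
    if " and " in expr:
        return all(check(p, creds, rules, seen) for p in expr.split(" and "))
    if expr == "!":
        return False  # always deny
    if expr in ("@", ""):
        return True  # always allow
    kind, _, match = expr.partition(":")
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    if kind == "rule" and match in rules and match not in seen:
        return check(rules[match], creds, rules, seen + (match,))
    return False  # unknown rules, rule cycles and other check kinds fail closed


def enforce(action, creds, rules=POLICY):
    """Actions with no rule of their own use 'default'; no default means deny."""
    return check(rules.get(action, rules.get("default", "!")), creds, rules)


# Constructed credentials; "alarms:get_all" is a hypothetical action name
# standing in for any alarm call that has no rule and so hits "default".
ADMIN = {"roles": ["admin"]}
MEMBER = {"roles": ["_member_"]}
EXPECTED = [
    ("meters:get_all", ADMIN, True),
    ("meters:get_all", MEMBER, False),
    ("meter:get_all", MEMBER, False),
    ("alarms:get_all", MEMBER, False),
    ("alarms:get_all", ADMIN, False),  # "default": "!" denies admins too
]


def mismatches(cases=EXPECTED):
    """Return the cases where the decision differs from the expected one."""
    return [(a, c) for a, c, want in cases if enforce(a, c) != want]
```

The behaviour described in the report corresponds to every one of these calls being allowed; an empty list from `mismatches()` is what enforcement of this policy looks like.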