<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/09/2017 06:39 AM,
<a class="moz-txt-link-abbreviated" href="mailto:chagg@foxmail.com">chagg@foxmail.com</a> wrote:<br>
</div>
<blockquote type="cite" cite="mid:201705091839524158073@foxmail.com">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<style>body { line-height: 1.5; }body { font-size: 10.5pt; font-family: ????; color: rgb(0, 0, 0); line-height: 1.5; }</style>
<div><span></span>Hello:</div>
<div> I want every one can access a volume I created in cinder
as admin, so I changed /etc/cinder/policy.json as bellow, but it
won't work. Why? And how to do it?</div>
<div>Thanks!</div>
<div>policy.json</div>
</blockquote>
<br>
So, debugging policy is a pain. What operation specifically fails?<br>
You also might want to make the default into something more
specific, such as "check that the project matches and the user has
either the Member or admin role" Or, if you just want it to always
pass, you can make it a true check.<br>
<br>
<br>
<span style="color: rgb(0, 0, 0); background-color: rgba(0, 0, 0,
0);">"default": "",</span><br>
<br>
<br>
<br>
<blockquote type="cite" cite="mid:201705091839524158073@foxmail.com">
<div><br>
</div>
<div><br>
</div>
<div><span style="color: rgb(0, 0, 0); background-color: rgba(0,
0, 0, 0);">{<br>
"context_is_admin": "role:admin",<br>
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",<br>
"default": "",<br>
<br>
"admin_api": "is_admin:True",<br>
<br>
"volume:create": "",<br>
"volume:delete": "",<br>
"volume:get": "",<br>
"volume:get_all": "",<br>
"volume:get_volume_metadata": "",<br>
"volume:delete_volume_metadata": "",<br>
"volume:update_volume_metadata": "",<br>
"volume:get_volume_admin_metadata": "rule:admin_api",<br>
"volume:update_volume_admin_metadata": "rule:admin_api",<br>
"volume:get_snapshot": "",<br>
"volume:get_all_snapshots": "",<br>
"volume:create_snapshot": "",<br>
"volume:delete_snapshot": "",<br>
"volume:update_snapshot": "",<br>
"volume:extend": "",<br>
"volume:update_readonly_flag": "",<br>
"volume:retype": "",<br>
"volume:update": "",<br>
<br>
"volume_extension:types_manage": "rule:admin_api",<br>
"volume_extension:types_extra_specs": "rule:admin_api",<br>
"volume_extension:access_types_qos_specs_id": "rule:admin_api",<br>
"volume_extension:access_types_extra_specs": "rule:admin_api",<br>
"volume_extension:volume_type_access": "",<br>
"volume_extension:volume_type_access:addProjectAccess": "rule:admin_api",<br>
"volume_extension:volume_type_access:removeProjectAccess": "rule:admin_api",<br>
"volume_extension:volume_type_encryption": "rule:admin_api",<br>
"volume_extension:volume_encryption_metadata": "",<br>
"volume_extension:extended_snapshot_attributes": "",<br>
"volume_extension:volume_image_metadata": "",<br>
<br>
"volume_extension:quotas:show": "",<br>
"volume_extension:quotas:update": "rule:admin_api",<br>
"volume_extension:quotas:delete": "rule:admin_api",<br>
"volume_extension:quota_classes": "rule:admin_api",<br>
"volume_extension:quota_classes:validate_setup_for_nested_quota_use": "rule:admin_api",<br>
<br>
"volume_extension:volume_admin_actions:reset_status": "rule:admin_api",<br>
"volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",<br>
"volume_extension:backup_admin_actions:reset_status": "rule:admin_api",<br>
"volume_extension:volume_admin_actions:force_delete": "rule:admin_api",<br>
"volume_extension:volume_admin_actions:force_detach": "rule:admin_api",<br>
"volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",<br>
"volume_extension:backup_admin_actions:force_delete": "rule:admin_api",<br>
"volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",<br>
"volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",<br>
<br>
"volume_extension:volume_host_attribute": "rule:admin_api",<br>
"volume_extension:volume_tenant_attribute": "",<br>
"volume_extension:volume_mig_status_attribute": "rule:admin_api",<br>
"volume_extension:hosts": "rule:admin_api",<br>
"volume_extension:services:index": "rule:admin_api",<br>
"volume_extension:services:update" : "rule:admin_api",<br>
<br>
"volume_extension:volume_manage": "rule:admin_api",<br>
"volume_extension:volume_unmanage": "rule:admin_api",<br>
<br>
"volume_extension:capabilities": "rule:admin_api",<br>
<br>
"volume:create_transfer": "",<br>
"volume:accept_transfer": "",<br>
"volume:delete_transfer": "",<br>
"volume:get_all_transfers": "",<br>
<br>
"volume_extension:replication:promote": "rule:admin_api",<br>
"volume_extension:replication:reenable": "rule:admin_api",<br>
<br>
"volume:enable_replication": "rule:admin_api",<br>
"volume:disable_replication": "rule:admin_api",<br>
"volume:failover_replication": "rule:admin_api",<br>
"volume:list_replication_targets": "rule:admin_api",<br>
<br>
"backup:create" : "",<br>
"backup:delete": "",<br>
"backup:get": "",<br>
"backup:get_all": "",<br>
"backup:restore": "",<br>
"backup:backup-import": "rule:admin_api",<br>
"backup:backup-export": "rule:admin_api",<br>
<br>
"snapshot_extension:snapshot_actions:update_snapshot_status": "",<br>
"snapshot_extension:snapshot_manage": "rule:admin_api",<br>
"snapshot_extension:snapshot_unmanage": "rule:admin_api",<br>
<br>
"consistencygroup:create" : "group:nobody",<br>
"consistencygroup:delete": "group:nobody",<br>
"consistencygroup:update": "group:nobody",<br>
"consistencygroup:get": "group:nobody",<br>
"consistencygroup:get_all": "group:nobody",<br>
<br>
"consistencygroup:create_cgsnapshot" : "group:nobody",<br>
"consistencygroup:delete_cgsnapshot": "group:nobody",<br>
"consistencygroup:get_cgsnapshot": "group:nobody",<br>
"consistencygroup:get_all_cgsnapshots": "group:nobody",<br>
<br>
"scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"<br>
}<br>
</span></div>
<div><br>
</div>
<hr style="width: 210px; height: 1px;" color="#b5c4df" size="1"
align="left">
<div><span>
<div style="MARGIN: 10px; FONT-FAMILY: verdana; FONT-SIZE:
10pt">
<div><a class="moz-txt-link-abbreviated" href="mailto:chagg@foxmail.com">chagg@foxmail.com</a></div>
</div>
</span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>