
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hello,</p>

    <p>as far as I am aware, the lowest possible level you can

      (officially) reach with the policy files is project-level not

      user-level. Some APIs still provide user-level checks but those

      are a thing from the past and effectively deprecated. Nova API was

      migrated to Oslo Policies for API 2.1 where the user-level was

      removed entirely from the policy implementation, if I recall

      correctly.<br>

    </p>

    <p>Kind regards,</p>

    Markus Hentsch<br>

    Cloud&Heat Technologies<br>

    <br>

    <div class="moz-cite-prefix"><br>

      On 08.01.2018 at 06:50, Ying-Chuan Chen wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CA+=FJzj2xHHLyy_v6vUCmbtA46t_eyn0Gao9DBby5tCtkh7Qrw@mail.gmail.com">

      <div dir="ltr">

        <div style="font-size:14px">Hi guys, </div>

        <div style="font-size:14px">I want to ensure that only the owner

          of the instances can list his instances.</div>

        <div style="font-size:14px">I try to add rules in

          /etc/openstack-dashboard/nova_<wbr>policy.json like below:</div>

        <div style="font-size:14px"><br>

        </div>

        <div style="font-size:14px">"owner": "user_id:%(user_id)s",</div>

        <div style="font-size:14px"><br>

        </div>

        <div style="font-size:14px">"compute:get": "rule:owner",</div>

        <div style="font-size:14px"><br>

        </div>

        <div style="font-size:14px">But, it can't work. </div>

        <div style="font-size:14px">How to setup policy ensure only

          owner can list his instance?</div>

        <div style="font-size:14px">Version: Ocata, OS: CentOS 7.3</div>

        <div style="font-size:14px"><br>

        </div>

        <div style="font-size:14px">Thanks a lot!</div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>

Post to     : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>

Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>

</pre>

    </blockquote>

    <br>

    <div

style="font-family:tahoma,Arial,sans-serif;font-size:10pt;color:#474543;">

      <div

style="font-family:tahoma,Arial,sans-serif;font-size:10pt;color:#474543;">

        <p style="font-weight:bold;">

        </p>

      </div>

    </div>

  </body>

</html>