Hi OpenStack Community,
I am working on a policy configuration to ensure that only owners of a project can delete users within their own project. Below is my current setup and the policy rules I have defined.
owner role with permissions to create, delete, and manage users and projects.

```yaml
"admin_required": "role:admin"
"admin_or_owner": "rule:admin_required or (role:owner and project_id:%(target.user.project_id)s)"
"identity:delete_user": "rule:admin_or_owner"
```
With the above configuration, I aim to ensure that:
Thank you for your support.
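
How the three rules above combine when evaluated, as an added example that is not part of the original post and is not oslo.policy or Keystone code: a simplified evaluator covering only the `rule:`, `role:` and `kind:%(key)s` checks, `and`, `or` and the parentheses these rules use. The flat dotted target key, the helper names and the sample credentials are assumptions constructed for illustration.

```python
# The three rules from the post, as the mapping a policy file loads into.
RULES = {
    "admin_required": "role:admin",
    "admin_or_owner": "rule:admin_required or (role:owner and "
                      "project_id:%(target.user.project_id)s)",
    "identity:delete_user": "rule:admin_or_owner",
}
# Constructed sample data (assumption): owner scoped to p1, target user in p1.
OWNER_P1 = {"roles": ["owner"], "project_id": "p1"}
USER_IN_P1 = {"target.user.project_id": "p1"}

def tokenize(rule):
    # Peel grouping parens off each word; "%(key)s" survives (ends in "s").
    out = []
    for word in rule.split():
        body = word.lstrip("(")
        core = body.rstrip(")")
        out += ["("] * (len(word) - len(body)) + [core]
        out += [")"] * (len(body) - len(core))
    return out

def check(atom, target, creds):
    kind, match = atom.split(":", 1)
    if kind == "rule":                  # reference to another named rule
        return enforce(match, target, creds)
    if kind == "role":                  # case-insensitive role membership
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    try:                                # generic check: fill %(key)s from target
        wanted = match % target
    except KeyError:                    # target has no such attribute: deny
        return False
    return kind in creds and str(creds[kind]) == wanted

def enforce(name, target, creds):
    tokens = tokenize(RULES[name])
    def atom():
        tok = tokens.pop(0)
        if tok != "(":
            return check(tok, target, creds)
        val = or_expr()
        tokens.pop(0)                   # consume the closing ")"
        return val
    def level(op, sub, fold):           # grammar: sub (op sub)*
        vals = [sub()]
        while tokens and tokens[0] == op:
            tokens.pop(0)
            vals.append(sub())
        return fold(vals)
    and_expr = lambda: level("and", atom, all)
    or_expr = lambda: level("or", and_expr, any)
    return or_expr()
```

In this model the owner branch grants access only when the target supplies `target.user.project_id` and it equals the caller's `project_id`; a target without that key is denied for everyone except `admin`.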