Hello operators,

While reviewing Cinder policies recently, Bug #1908315 [0] was discovered: "Policy group:reset_group_snapshot_status has incorrect checkstring".

This policy governs the "Reset a snapshot's status" action [1]. The action is supposed to be admin-only, but the default policy setting is admin-or-owner.

This is not a security issue, but it does allow an end user to put a group snapshot that they own into an invalid status, with indeterminate consequences.

A fix has been posted for review [2], but if you wish to correct this immediately, you can put the following line into your cinder policy file:

    "group:reset_group_snapshot_status": "rule:admin_api"

More information about the cinder policy file can be found at [3].

[0] https://bugs.launchpad.net/cinder/+bug/1908315
[1] https://docs.openstack.org/api-ref/block-storage/v3/#reset-a-snapshot-s-status
[2] https://review.opendev.org/c/openstack/cinder/+/767226
[3] https://docs.openstack.org/cinder/latest/configuration/block-storage/samples/policy.yaml.html
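
An added example, not part of the original message or of Cinder's own code: a Python check that reports whether a policy file actually carries the override above. It assumes entries are written in the quoted "name": "value" form shown in the message; the sample file contents and the function names are constructed for illustration.

```python
import re

POLICY = "group:reset_group_snapshot_status"   # policy name from the message
WANTED = "rule:admin_api"                      # override value from the message

# One quoted entry per line: "name": "check string" (trailing comma allowed for JSON).
ENTRY = re.compile(r'^\s*"([^"]+)"\s*:\s*"([^"]*)"\s*,?\s*$')


def effective_overrides(policy_text):
    """Return {policy name: check string} for active (uncommented) entries."""
    rules = {}
    for line in policy_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out sample default overrides nothing
        match = ENTRY.match(line)
        if match:
            # Assumption: a later duplicate entry replaces an earlier one.
            rules[match.group(1)] = match.group(2).strip()
    return rules


def audit(policy_text):
    """Return 'ok', 'missing' (built-in default still applies) or 'other'."""
    value = effective_overrides(policy_text).get(POLICY)
    if value is None:
        return "missing"
    return "ok" if value == WANTED else "other"


# Constructed sample files, not taken from a real deployment.
SAMPLE_COMMENTED = '''
# Reset status of group snapshot.
#"group:reset_group_snapshot_status": "rule:admin_or_owner"
'''
SAMPLE_FIXED = '''
"volume:create": "",
"group:reset_group_snapshot_status": "rule:admin_api"
'''

if __name__ == "__main__":
    for name, text in (("commented", SAMPLE_COMMENTED), ("fixed", SAMPLE_FIXED)):
        print(name, "->", audit(text))
```

A result of "missing" means the file leaves the built-in default in force, which the message describes as admin-or-owner until the fix in [2] is deployed.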