On 09/06/2018 06:31 AM, Ignazio Cassano wrote:
> I installed openstack ocata on centos and I saw /etc/nova/policy.json
> contains the following:
> {
> }
>
> I created an instance in a project "admin" with user admin that
> belongs to admin project
>
> I created a demo project with a user demo with "user" role.
>
> Using command lines (openstack server list --all-projects) the user demo
> can list the admin instances and can also delete one of them.
>
> I think this is a bug and a nova policy.json must be created with some
> rules for avoiding the above.
See
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/policy-in-code.html
You have something else going on ...
~iain