[Openstack] modify policy for security group on neutron
Sławek Kapłoński
slawek at kaplonski.pl
Wed May 20 21:13:30 UTC 2015
Hello,
I was searching for some settings about security groups in policy.json
today. Shouldn't what you said be documented in
https://github.com/openstack/neutron/blob/master/etc/policy.json maybe?
--
Best regards / Pozdrawiam
Sławek Kapłoński
slawek at kaplonski.pl
On 2015-05-16, at 08:54:22,
Salvatore Orlando <sorlando at nicira.com> wrote:
> Perhaps you can achieve this by editing policy.json (located by
> default in /etc/neutron).
>
> For instance you can allow only admin users to add security group
> rules to any security group by specifying the following:
>
> "create_security_group_rule": "rule:admin_only"
>
> Similar rules for update and deletion of security group rules will
> prevent you from modifying existing rules.
> This same set of rules will anyway allow admin users to add rules to
> the default security group.
>
> Salvatore
>
>
>
>
> On 15 May 2015 at 09:31, Giuseppa Muscianisi <g.muscianisi at cineca.it>
> wrote:
>
> > Dear all,
> >
> > in our OpenStack cluster, we would like to restrict the actions that
> > users can do with security groups and security group rules.
> >
> > Here's what we'd like to achieve:
> > 1. Lock down security group (and rules) so that only admin (or
> >    tenant admin?) can modify them.
> > 2. Add additional rules to the default security group.
> >
> > Can you please give me some advice on how to achieve these goals?
> >
> > Thanks in advance, Giusy
> >
> > --
> > ---------------------------------------------------------------
> > " Considerate la vostra semenza:
> > fatti non foste a viver come bruti,
> > ma per seguir virtute e canoscenza "
> >
> > Dante Alighieri
> > Divina Commedia - Inferno - Canto XXVI
> > ---------------------------------------------------------------
> >
> > Giuseppa Muscianisi, Ph.D.
> > CINECA - SuperComputing, Applications and Innovation Department
> > Via Magnanelli 6/3, 40033 Casalecchio di Reno (BO) - Italy
> > Phone: +39 051 6171 775 www.cineca.it
> >
> >
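An added example, not part of the original thread: a small audit that checks whether the security group actions discussed above resolve to an admin-only rule in a policy dictionary. It assumes Neutron's `create_`/`update_`/`delete_` action naming, that the admin check is `role:admin`, and that actions without their own entry fall back to `default`; the sample policy is constructed.

```python
# Added example: audit a Neutron policy for admin-only security group actions.
SG_ACTIONS = [
    "create_security_group", "update_security_group", "delete_security_group",
    "create_security_group_rule", "delete_security_group_rule",
]

# Constructed sample policy, not taken from a real deployment.
SAMPLE = {
    "context_is_admin": "role:admin",
    "admin_only": "rule:context_is_admin",
    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
    "default": "rule:admin_or_owner",
    "create_security_group_rule": "rule:admin_only",
    "delete_security_group_rule": "admin_only",
}

def resolve(policy, expr, seen=()):
    """Follow single 'rule:<name>' aliases down to a concrete check string."""
    expr = expr.strip()
    if " " in expr:
        return expr  # compound expression (and/or/not): leave for manual review
    if expr.startswith("rule:"):
        name = expr[len("rule:"):]
        if name in seen or name not in policy:
            return None  # alias loop or undefined alias
        return resolve(policy, policy[name], seen + (name,))
    return expr

def audit(policy, admin_check="role:admin"):
    """Return {action: verdict}; admin_check is an assumed admin definition."""
    report = {}
    for action in SG_ACTIONS:
        # Actions without their own entry are assumed to use the default rule.
        raw = policy.get(action, policy.get("default", ""))
        if raw and ":" not in raw and raw not in ("!", "@"):
            # A bare alias name lacks the "rule:" prefix, so it is not a
            # "kind:match" check string.
            report[action] = "malformed"
        elif resolve(policy, raw) == admin_check:
            report[action] = "admin-only"
        else:
            report[action] = "review"  # owner access, compound or unresolved
    return report

if __name__ == "__main__":
    for action, verdict in audit(SAMPLE).items():
        print(f"{action:30} {verdict}")
```

To check a deployed file, load `/etc/neutron/policy.json` with `json.load` and pass the resulting dictionary to `audit`.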