Disallow non-admin to specify binding:profile

author Akihiro MOTOKI <motoki@da.jp.nec.com>

Thu, 22 Aug 2013 02:34:43 +0000 (11:34 +0900)

committer Akihiro MOTOKI <motoki@da.jp.nec.com>

Thu, 22 Aug 2013 02:36:58 +0000 (11:36 +0900)
author Akihiro MOTOKI <motoki@da.jp.nec.com>
Thu, 22 Aug 2013 02:34:43 +0000 (11:34 +0900)
committer Akihiro MOTOKI <motoki@da.jp.nec.com>
Thu, 22 Aug 2013 02:36:58 +0000 (11:36 +0900)
diff --git a/etc/policy.json b/etc/policy.json

index 6310e2b136ffbf2d3741e4d5bf2f75c733a0227c..78dd1e4c7914919fa81b3fd07d083ea9ec74b7c7 100644 (file)
--- a/etc/policy.json
+++ b/etc/policy.json
@@ -44,6 +44,7 @@
      "create_port:fixed_ips": "rule:admin_or_network_owner",
      "create_port:port_security_enabled": "rule:admin_or_network_owner",
      "create_port:binding:host_id": "rule:admin_only",
+    "create_port:binding:profile": "rule:admin_only",
      "create_port:mac_learning_enabled": "rule:admin_or_network_owner",
      "get_port": "rule:admin_or_owner",
      "get_port:queue_id": "rule:admin_only",
@@ -55,6 +56,7 @@
      "update_port:fixed_ips": "rule:admin_or_network_owner",
      "update_port:port_security_enabled": "rule:admin_or_network_owner",
      "update_port:binding:host_id": "rule:admin_only",
+    "update_port:binding:profile": "rule:admin_only",
      "update_port:mac_learning_enabled": "rule:admin_or_network_owner",
      "delete_port": "rule:admin_or_owner",
author	Akihiro MOTOKI <motoki@da.jp.nec.com>
	Thu, 22 Aug 2013 02:34:43 +0000 (11:34 +0900)
committer	Akihiro MOTOKI <motoki@da.jp.nec.com>
	Thu, 22 Aug 2013 02:36:58 +0000 (11:36 +0900)