On Thu, 2013-12-05 at 19:03 -0600, Scott Devoid wrote:
> The TL;DR - We ran into problems with permissions for users within the
> same tenant. With the current access controls it is impossible to fix
> this without isolating each user in a personal project. Can we fix the
> policy.json grammar to give us the access controls we want, or am I
> stupid and missing something?

I believe there is support for getting the functionality you want. For
any of the objects that have a user_id, you can use the policy rule
"user_id:%(user_id)s", which will only be true if the user_id in the
context is the same as the user_id on the object access is being checked
against. You might want to try that rule and see if it gives you what
you want…

-- 
Kevin L. Mitchell <[email protected]>
Rackspace
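
An added example, not part of the original thread and not OpenStack's own code: a simplified Python model of how a check such as "user_id:%(user_id)s" is evaluated, comparing it with a project-scoped rule for two users in the same tenant. The function names, the two rule strings and the sample users and server are assumptions constructed for illustration.

```python
# Simplified model of a policy.json "kind:match" check (illustrative only).
# The target object's fields are substituted into `match`, and the result is
# compared with the value of `kind` in the caller's request context (creds).

def generic_check(check, target, creds):
    kind, match = check.split(":", 1)
    try:
        expected = match % target      # "%(user_id)s" -> target["user_id"]
    except KeyError:
        return False                   # object has no such field: fail closed
    if kind not in creds:
        return False
    return expected == str(creds[kind])

def enforce(rule, target, creds):
    """Evaluate checks joined by ' or ' / ' and ' ('and' binds tighter)."""
    return any(
        all(generic_check(c.strip(), target, creds) for c in alt.split(" and "))
        for alt in rule.split(" or ")
    )

# Constructed sample data: one server owned by alice, two users in tenant-1.
SERVER = {"project_id": "tenant-1", "user_id": "alice"}
ALICE = {"user_id": "alice", "project_id": "tenant-1", "is_admin": False}
BOB = {"user_id": "bob", "project_id": "tenant-1", "is_admin": False}
ADMIN = {"user_id": "root", "project_id": "ops", "is_admin": True}

# Assumed rule strings: tenant-wide access versus per-user ownership.
TENANT_RULE = "is_admin:True or project_id:%(project_id)s"
OWNER_RULE = "is_admin:True or user_id:%(user_id)s"

def access_matrix():
    """Return {(rule_name, user): allowed} for the sample server."""
    rules = {"tenant": TENANT_RULE, "owner": OWNER_RULE}
    users = {"alice": ALICE, "bob": BOB, "admin": ADMIN}
    return {(r, u): enforce(rule, SERVER, creds)
            for r, rule in rules.items() for u, creds in users.items()}

if __name__ == "__main__":
    for key, allowed in sorted(access_matrix().items()):
        print(key, "ALLOW" if allowed else "DENY")
```

The rule can only restrict access on objects that actually carry a user_id; in this model a target without that field is denied rather than allowed.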
