Hello, I was searching some settings about security groups in policy.json today. Shouldn't be documented that what You said in https://github.com/openstack/neutron/blob/master/etc/policy.json maybe?
-- Best regards / Pozdrawiam Sławek Kapłoński [email protected] Dnia 2015-05-16, o godz. 08:54:22 Salvatore Orlando <[email protected]> napisał(a): > Perhaps you can achieve this by editing policy.json (located by > default in /etc/neutron). > > For instance you can allow only admin users to add security group > rules to any security group by specifying the following: > > "create_security_group_rule": "admin_only" > > Similar rules for update and deletion of security group rules will > prevent you from modifying existing rules. > This same set of rules will anyway allow admin users to add rules to > the default security group. > > Salvatore > > > > > On 15 May 2015 at 09:31, Giuseppa Muscianisi <[email protected]> > wrote: > > > Dear all, > > > > in our openstack cluster, we would restrict the actions that users > > can do with security group and security group rules. > > > > Here's what we'd like to achieve: 1. Lock down security group (and > > rules) so that only admin (or tenant admin?) can modify them. 2. > > Add additional rules to the default security group. > > > > Can you please give me some advices on how to achieve these goals? > > > > Thanks in advance, Giusy > > > > -- > > --------------------------------------------------------------- > > " Considerate la vostra semenza: > > fatti non foste a viver come bruti, > > ma per seguir virtute e canoscenza " > > > > Dante Alighieri > > Divina Commedia - Inferno - Canto XXVI > > --------------------------------------------------------------- > > > > Giuseppa Muscianisi, Ph.D. > > CINECA - SuperComputing, Applications and Innovation Department > > Via Magnanelli 6/3, 40033 Casalecchio di Reno (BO) - Italy > > Phone: +39 051 6171 775www.cineca.it > > > > > > _______________________________________________ > > Mailing list: > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > Post to : [email protected] > > Unsubscribe : > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
