-
Notifications
You must be signed in to change notification settings - Fork 4
/
example-policy.yaml
28 lines (24 loc) · 1.16 KB
/
example-policy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
project_scope: project_domain_id:%(domain_id)s and project_id:%(project_id)s
domain_scope: domain_id:%(domain_id)s
cluster_admin: role:cloud_resource_admin
domain_editor: rule:cluster_admin or (rule:domain_scope and role:resource_admin)
domain_viewer: rule:domain_editor or (rule:domain_scope and role:resource_viewer)
project_editor: rule:domain_editor or (rule:project_scope and role:admin)
project_viewer: rule:domain_viewer or (rule:project_scope and role:member) or rule:project_editor
project:list: rule:domain_viewer
project:show: rule:project_viewer
project:edit: rule:project_editor
project:edit_max_quota: rule:domain_editor
project:sync: rule:project_editor
project:set_rate_limit: rule:domain_editor
project:discover: rule:domain_editor
project:uncommit: rule:cluster_admin
domain:list: rule:cluster_admin
domain:show: rule:domain_viewer
domain:discover: rule:cluster_admin
cluster:list: rule:cluster_admin
cluster:show: rule:cluster_admin
cluster:show_basic: role:admin or role:member or role:resource_admin or role:resource_viewer
cluster:show_subcapacity: compute:%(service)s and ram:%(resource)s
cluster:show_errors: rule:cluster_admin
cluster:edit: rule:cluster_admin