2 "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or tenant_id:%(tenant_id)s",
3 "default": "rule:admin_or_owner",
4 "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
7 "profile:create":"rule:admin_api",
10 "profile:update":"rule:admin_api",
11 "profile:delete":"rule:admin_api",
12 "profile:add_extra_property": "rule:admin_api",
13 "profile:list_extra_properties": "",
14 "profile:remove_extra_property": "rule:admin_api",
15 "volume:create": "rule:admin_or_owner",
16 "volume:list": "rule:admin_or_owner",
17 "volume:get": "rule:admin_or_owner",
18 "volume:update": "rule:admin_or_owner",
19 "volume:extend": "rule:admin_or_owner",
20 "volume:delete": "rule:admin_or_owner",
21 "volume:create_attachment": "rule:admin_or_owner",
22 "volume:list_attachments": "rule:admin_or_owner",
23 "volume:get_attachment": "rule:admin_or_owner",
24 "volume:update_attachment": "rule:admin_or_owner",
25 "volume:delete_attachment": "rule:admin_or_owner",
26 "snapshot:create": "rule:admin_or_owner",
27 "snapshot:list": "rule:admin_or_owner",
28 "snapshot:get": "rule:admin_or_owner",
29 "snapshot:update": "rule:admin_or_owner",
30 "snapshot:delete": "rule:admin_or_owner",
31 "dock:list": "rule:admin_api",
32 "dock:get": "rule:admin_api",
33 "pool:list": "rule:admin_api",
34 "pool:get": "rule:admin_api",
35 "replication:create": "rule:admin_or_owner",
36 "replication:list": "rule:admin_or_owner",
37 "replication:list_detail": "rule:admin_or_owner",
38 "replication:get": "rule:admin_or_owner",
39 "replication:update": "rule:admin_or_owner",
40 "replication:delete": "rule:admin_or_owner",
41 "replication:action:enable": "rule:admin_or_owner",
42 "replication:action:disable": "rule:admin_or_owner",
43 "replication:action:failover": "rule:admin_or_owner",
44 "volume_group:create": "rule:admin_or_owner",
45 "volume_group:list": "rule:admin_or_owner",
46 "volume_group:get": "rule:admin_or_owner",
47 "volume_group:update": "rule:admin_or_owner",
48 "volume_group:delete": "rule:admin_or_owner",
49 "availability_zone:list":""