--- /dev/null
+{
+ "admin_or_owner": "is_admin:True or (role:admin and is_admin_project:True) or tenant_id:%(tenant_id)s",
+ "default": "rule:admin_or_owner",
+ "admin_api": "is_admin:True or (role:admin and is_admin_project:True)",
+
+
+ "profile:create":"rule:admin_api",
+ "profile:list":"",
+ "profile:get":"",
+ "profile:update":"rule:admin_api",
+ "profile:delete":"rule:admin_api",
+ "profile:add_extra_property": "rule:admin_api",
+ "profile:list_extra_properties": "",
+ "profile:remove_extra_property": "rule:admin_api",
+ "volume:create": "rule:admin_or_owner",
+ "volume:list": "rule:admin_or_owner",
+ "volume:get": "rule:admin_or_owner",
+ "volume:update": "rule:admin_or_owner",
+ "volume:extend": "rule:admin_or_owner",
+ "volume:delete": "rule:admin_or_owner",
+ "volume:create_attachment": "rule:admin_or_owner",
+ "volume:list_attachments": "rule:admin_or_owner",
+ "volume:get_attachment": "rule:admin_or_owner",
+ "volume:update_attachment": "rule:admin_or_owner",
+ "volume:delete_attachment": "rule:admin_or_owner",
+ "snapshot:create": "rule:admin_or_owner",
+ "snapshot:list": "rule:admin_or_owner",
+ "snapshot:get": "rule:admin_or_owner",
+ "snapshot:update": "rule:admin_or_owner",
+ "snapshot:delete": "rule:admin_or_owner",
+ "dock:list": "rule:admin_api",
+ "dock:get": "rule:admin_api",
+ "pool:list": "rule:admin_api",
+ "pool:get": "rule:admin_api",
+ "replication:create": "rule:admin_or_owner",
+ "replication:list": "rule:admin_or_owner",
+ "replication:list_detail": "rule:admin_or_owner",
+ "replication:get": "rule:admin_or_owner",
+ "replication:update": "rule:admin_or_owner",
+ "replication:delete": "rule:admin_or_owner",
+ "replication:action:enable": "rule:admin_or_owner",
+ "replication:action:disable": "rule:admin_or_owner",
+ "replication:action:failover": "rule:admin_or_owner",
+ "volume_group:create": "rule:admin_or_owner",
+ "volume_group:list": "rule:admin_or_owner",
+ "volume_group:get": "rule:admin_or_owner",
+ "volume_group:update": "rule:admin_or_owner",
+ "volume_group:delete": "rule:admin_or_owner"
+}
\ No newline at end of file