Skip to content

Commit

Permalink
Keystone: add back a check for domain id to list_projects API
Browse files Browse the repository at this point in the history
  • Loading branch information
bbobrov committed Jul 3, 2024
1 parent 9e3f1f8 commit 0d26588
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions openstack/keystone/templates/etc/_policy.yaml.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -923,6 +923,7 @@
# Intended scope(s): system, domain
#"identity:list_projects": "(role:reader and system_scope:all) or (role:reader and domain_id:%(target.domain_id)s)"
"identity:list_projects": "rule:cloud_reader or
(role:reader and domain_id:%(target.domain_id)s) or
(role:reader and domain_id:%(domain_id)s) or
(role:reader and project_id:%(parent_id)s)"

Expand Down

0 comments on commit 0d26588

Please sign in to comment.