)]}'
{"doc/source/configuration/policy-concepts.rst":[{"author":{"_account_id":31412,"name":"Wenping Song","email":"songwenping@inspur.com","username":"songwenping"},"change_message_id":"a15e6289c575cb3d655e624e9609e9af5ac8b8e9","unresolved":false,"context_lines":[{"line_number":90,"context_line":"seen as a global role. All the system-level operation\u0027s policies"},{"line_number":91,"context_line":"have defaulted to ``scope_type`` of ``[\u0027system\u0027]``."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"For example, consider the ``GET /os-hypervisors`` API."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":".. code::"},{"line_number":96,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_56ea389f","line":93,"range":{"start_line":93,"start_character":28,"end_line":93,"end_character":47},"updated":"2020-09-25 02:21:44.000000000","message":"nit","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":24872,"name":"YumengBao","email":"yumeng_bao@yahoo.com","username":"Yumeng_Bao"},"change_message_id":"cd8f4e7c4170334a7e74a62470f1ed5827c4a4c4","unresolved":false,"context_lines":[{"line_number":90,"context_line":"seen as a global role. All the system-level operation\u0027s policies"},{"line_number":91,"context_line":"have defaulted to ``scope_type`` of ``[\u0027system\u0027]``."},{"line_number":92,"context_line":""},{"line_number":93,"context_line":"For example, consider the ``GET /os-hypervisors`` API."},{"line_number":94,"context_line":""},{"line_number":95,"context_line":".. code::"},{"line_number":96,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_71e80a7a","line":93,"range":{"start_line":93,"start_character":28,"end_line":93,"end_character":47},"in_reply_to":"9f560f44_56ea389f","updated":"2020-09-27 06:12:59.000000000","message":"Done","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":31412,"name":"Wenping Song","email":"songwenping@inspur.com","username":"songwenping"},"change_message_id":"a15e6289c575cb3d655e624e9609e9af5ac8b8e9","unresolved":false,"context_lines":[{"line_number":102,"context_line":".. rubric:: ``project`` scope"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Policies with a ``scope_type`` of ``project`` means a user with a"},{"line_number":105,"context_line":"``project-scoped`` token has permission to access the resource. Project-level"},{"line_number":106,"context_line":"only operation\u0027s policies are defaulted to ``scope_type`` of ``[\u0027project\u0027]``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":".. rubric:: ``system and project`` scope"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_76f93c4c","line":106,"range":{"start_line":105,"start_character":64,"end_line":106,"end_character":76},"updated":"2020-09-25 02:21:44.000000000","message":"please make the sentence fluent.","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":24872,"name":"YumengBao","email":"yumeng_bao@yahoo.com","username":"Yumeng_Bao"},"change_message_id":"cd8f4e7c4170334a7e74a62470f1ed5827c4a4c4","unresolved":false,"context_lines":[{"line_number":102,"context_line":".. rubric:: ``project`` scope"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Policies with a ``scope_type`` of ``project`` means a user with a"},{"line_number":105,"context_line":"``project-scoped`` token has permission to access the resource. Project-level"},{"line_number":106,"context_line":"only operation\u0027s policies are defaulted to ``scope_type`` of ``[\u0027project\u0027]``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":".. rubric:: ``system and project`` scope"},{"line_number":109,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_11f9ce4c","line":106,"range":{"start_line":105,"start_character":64,"end_line":106,"end_character":76},"in_reply_to":"9f560f44_76f93c4c","updated":"2020-09-27 06:12:59.000000000","message":"Done","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":31412,"name":"Wenping Song","email":"songwenping@inspur.com","username":"songwenping"},"change_message_id":"a15e6289c575cb3d655e624e9609e9af5ac8b8e9","unresolved":false,"context_lines":[{"line_number":176,"context_line":"      Default"},{"line_number":177,"context_line":"         role:member and project_id:%(project_id)s"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"   system_admin_or_owner"},{"line_number":180,"context_line":"      Default"},{"line_number":181,"context_line":"         rule:system_admin_api or rule:project_member_api"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":".. rubric:: ``admin``"},{"line_number":184,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_4a928ca0","line":181,"range":{"start_line":179,"start_character":0,"end_line":181,"end_character":57},"updated":"2020-09-25 02:21:44.000000000","message":"do we need this?","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":24872,"name":"YumengBao","email":"yumeng_bao@yahoo.com","username":"Yumeng_Bao"},"change_message_id":"cd8f4e7c4170334a7e74a62470f1ed5827c4a4c4","unresolved":false,"context_lines":[{"line_number":176,"context_line":"      Default"},{"line_number":177,"context_line":"         role:member and project_id:%(project_id)s"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"   system_admin_or_owner"},{"line_number":180,"context_line":"      Default"},{"line_number":181,"context_line":"         rule:system_admin_api or rule:project_member_api"},{"line_number":182,"context_line":""},{"line_number":183,"context_line":".. rubric:: ``admin``"},{"line_number":184,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_f1f37a6b","line":181,"range":{"start_line":179,"start_character":0,"end_line":181,"end_character":57},"in_reply_to":"9f560f44_4a928ca0","updated":"2020-09-27 06:12:59.000000000","message":"this if for POST,DELETE,PATCH ARQ APIs, FIY: https://wiki.openstack.org/wiki/Cyborg/Policy","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":31412,"name":"Wenping Song","email":"songwenping@inspur.com","username":"songwenping"},"change_message_id":"a15e6289c575cb3d655e624e9609e9af5ac8b8e9","unresolved":false,"context_lines":[{"line_number":197,"context_line":""},{"line_number":198,"context_line":"   system_admin_or_owner"},{"line_number":199,"context_line":"      Default"},{"line_number":200,"context_line":"         rule:system_admin_api or rule:project_member_api"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"With these new defaults, you can solve the problem of:"},{"line_number":203,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_0aa41406","line":200,"range":{"start_line":200,"start_character":39,"end_line":200,"end_character":57},"updated":"2020-09-25 02:21:44.000000000","message":"maybe this is project_admin_api","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"},{"author":{"_account_id":24872,"name":"YumengBao","email":"yumeng_bao@yahoo.com","username":"Yumeng_Bao"},"change_message_id":"cd8f4e7c4170334a7e74a62470f1ed5827c4a4c4","unresolved":false,"context_lines":[{"line_number":197,"context_line":""},{"line_number":198,"context_line":"   system_admin_or_owner"},{"line_number":199,"context_line":"      Default"},{"line_number":200,"context_line":"         rule:system_admin_api or rule:project_member_api"},{"line_number":201,"context_line":""},{"line_number":202,"context_line":"With these new defaults, you can solve the problem of:"},{"line_number":203,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"9f560f44_91b31e9a","line":200,"range":{"start_line":200,"start_character":39,"end_line":200,"end_character":57},"in_reply_to":"9f560f44_0aa41406","updated":"2020-09-27 06:12:59.000000000","message":"It is project_member_api. \nsystem_admin_or_owner is for arq POST/DELETE/PATCH usage.\nFor example, project_member_api is the minimum policy requirement to DELETE an arq. this means any user, with a member role and who has the same project_id with that of arq, can do the DELETE arq operation. Here we add system_admin as an OR policy, is because system_admin should be also able to have the superpower to do this operation.\nMoreover, project_member here already implied that a project_admin is also able to do this operation as keystone already support implied roles: pls see in the NOTE of https://specs.openstack.org/openstack/cyborg-specs/specs/victoria/approved/policy-defaults-refresh.html#rest-api-impact","commit_id":"5997bdcc1fc809dddb9638cd8947f906cabdf9f4"}]}