Policy driven RBAC
Most projects use policy files to control access to resources (our current control is similar to owner_or_admin in most policy files). Changes in policy are not currently reflected in changes to RBAC. We should identify where we can translate policy rules from policy files to elasticsearch queries (and where we cannot), and provide the option to map policy rules to RBAC controls. This will require a full spec and some analysis of the various projects' policy files. Neutron, for instance, supports *field* level policy control (see https:/
Blueprint information
- Status:
- Started
- Approver:
- None
- Priority:
- Medium
- Drafter:
- Steve McLellan
- Direction:
- Approved
- Assignee:
- Steve McLellan
- Definition:
- Approved
- Series goal:
- Accepted for newton
- Implementation:
-
Needs Code Review
- Milestone target:
- None
- Started by
- Travis Tripp
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
WIP: Policy driven RBAC
