Admin user can do anything without the control of policy.json
Bug #1895933 reported by
changzhi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Confirmed
|
Medium
|
Unassigned |
Bug Description
I create some neutron policies in the file /etc/neutron/
After that, I execute the command line " openstack address scope create a test " by the admin user and it works fine.
This is not my expected.
After some investigation, I find that in this pr[1], it will return True directly even if the admin user.
This is a bug? Or there are some special design things about the Neutron policy?
Thanks
1. https:/
description: | updated |
Changed in neutron: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
To post a comment you must log in.
Sounds like a similar issue reported by: https:/ /bugs.launchpad .net/neutron/ +bug/1784259 .
Yes, right now, admin users are not bound by the policy check, which is inconsistent with the "!" policy rule.