Granular API Policy
API policy can be used in multiple ways to secure and control API access, for example to control API access among Super-Admin, Admin, Owner, non-admin, Reader, Auditor and many other types of users. The control and access permissions in policies depend on each user's role and responsibility.
An Admin would have access to almost all APIs and permission for their policy rules, but a non-admin user would not, and neither would a Reader or Auditor. The owner of a resource can delete and modify their own resources, but a Reader or Auditor should not.
The question is whether nova policy allows the above requirement to be met completely. It does to some extent, but not completely, because not every API operation has its own separate policy. This means that giving different access permissions to each API operation is not completely possible.
This spec addresses the above issue by making API policy more granular, so that each API operation has its own policy control and the cloud provider can configure it for each user role.
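The limitation described above, as an added sketch that is not nova or oslo.policy code: with one rule per API, letting a Reader list services also lets that role update and delete them, while per-operation rules do not. The rule names, roles and helper functions are hypothetical.

```python
# Added illustration only: not nova or oslo.policy code.
# Rule names, roles and helpers are hypothetical.

OPERATIONS = ("list", "update", "delete")

# One rule guards every operation of the API.
COARSE = {"compute:services": {"admin"}}

# One rule per operation.
GRANULAR = {
    "compute:services:list": {"admin", "reader", "auditor"},
    "compute:services:update": {"admin"},
    "compute:services:delete": {"admin"},
}


def authorize(policy, role, api, operation):
    """Check the per-operation rule first, then the API-wide rule; deny if neither exists."""
    for name in (f"{api}:{operation}", api):
        if name in policy:
            return role in policy[name]
    return False


def grant(policy, rule, role):
    """Return a copy of policy with role added to one rule."""
    updated = {name: set(roles) for name, roles in policy.items()}
    updated[rule].add(role)
    return updated


def allowed_operations(policy, role, api="compute:services"):
    """Operations of api that role may call under policy."""
    return {op for op in OPERATIONS if authorize(policy, role, api, op)}


if __name__ == "__main__":
    # Coarse policy: letting a reader list services means widening the only rule.
    widened = grant(COARSE, "compute:services", "reader")
    print("coarse, reader:  ", sorted(allowed_operations(widened, "reader")))
    # Granular policy: the reader gets list and nothing else.
    print("granular, reader:", sorted(allowed_operations(GRANULAR, "reader")))
    print("granular, admin: ", sorted(allowed_operations(GRANULAR, "admin")))
```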
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Ghanshyam Mann
- Direction: Needs approval
- Assignee: Ghanshyam Mann
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Spec for Granular API policy
Gerrit topic: https:/
Addressed by: https:/
Add granularity to os-services API
Gerrit topic: https:/