yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1329864] Re: Owner role is broken in default v2 policy file

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1329864@xxxxxxxxxxxxxxxxxx>
Date: Fri, 13 Jun 2014 18:13:44 -0000
Reply-to: Bug 1329864 <1329864@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

That's originally by design, but I agree with the notion that users
should be able to delete their own tokens, even though it's
traditionally an administrative function (I see it as "logging out").

** Changed in: keystone
   Importance: Undecided => Wishlist

** Changed in: keystone
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1329864

Title:
  Owner role is broken in default v2 policy file

Status in OpenStack Identity (Keystone):
  Opinion

Bug description:
  In v2 policy.json  owner is defined as
    "owner" : "user_id:%(user_id)s",

  
  It should be 
    "owner" : "user_id:%(user_id)s or user_id:%(target.token.user_id)s",

  
  Affected APIs,
     Using default v2 policy file a user can't delete his own token due to this defect

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1329864/+subscriptions

References

[Bug 1329864] [NEW] Owner role is broken in default v2 policy file
From: Haneef Ali, 2014-06-13