Manila 示例策略

警告

自 Manila 12.0.0 (Wallaby) 起,JSON 格式的策略文件已被弃用。可使用 oslopolicy-convert-json-to-yaml 工具,以向后兼容的方式将现有的 JSON 格式策略文件迁移为 YAML 格式。

以下是一个根据代码中的默认策略值自动生成的 Manila 示例策略文件。如果您使用的是默认策略,则无需维护此文件。它旨在帮助说明哪些策略操作保护特定的 Manila API;除非您计划为某个操作提供不同于默认值的策略,否则不建议将其整体复制并粘贴到部署中,因为策略文件中写入的规则会覆盖代码中的默认值。例如,如果您只想更改“share:create”的默认值,则只需在策略配置文件 (/etc/manila/policy.yaml) 中保留这一条规则。

# Project scoped Administrator
# Intended scope(s): project
#"project-admin": "role:admin and project_id:%(project_id)s"

# Project scoped Member
# Intended scope(s): project
#"project-member": "role:member and project_id:%(project_id)s"

# Project scoped Reader
# Intended scope(s): project
#"project-reader": "role:reader and project_id:%(project_id)s"

# Project scoped user that owns a user specific resource
# Intended scope(s): project
#"owner-user": "user_id:%(user_id)s and project_id:%(project_id)s"

# A service user or an administrator user.
# Intended scope(s): project
#"admin_or_service_api": "role:admin or role:service"

# Privileged users checked via "context.is_admin"
# Intended scope(s): project
#"context_is_admin": "role:admin"

# DEPRECATED
# "context_is_admin":"role:admin" has been deprecated since W in favor
# of "context_is_admin":"role:admin".
# The `context_is_admin` check is superseded by more specific check
# strings that consume project scope attributes from keystone tokens.

# Privileged user who can select host during scheduling
# Intended scope(s): project
#"context_is_host_admin": "role:admin and project_id:%(project_id)s"

# Administrator or Member of the project
#"admin_or_owner": "is_admin:True or project_id:%(project_id)s"

# Administrator or owner user of a resource
#"admin_or_owner_user": "is_admin:True or project_id:%(project_id)s and user_id:%(user_id)s"

# Default rule for most non-Admin APIs
#"default": "rule:admin_or_owner"

# Default rule for most Admin APIs.
#"admin_api": "is_admin:True"

# Get all storage availability zones.
# GET  /os-availability-zone
# GET  /availability-zone
# Intended scope(s): project
#"availability_zone:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "availability_zone:index":"rule:default" has been deprecated since W
# in favor of "availability_zone:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The availability zone API now supports scope and default roles.

# Get information regarding backends (and storage pools) known to the
# scheduler.
# GET  /scheduler-stats/pools?{query}
# Intended scope(s): project
#"scheduler_stats:pools:index": "rule:context_is_admin"

# DEPRECATED
# "scheduler_stats:pools:index":"rule:admin_api" has been deprecated
# since W in favor of
# "scheduler_stats:pools:index":"rule:context_is_admin".
# The storage pool statistics API now supports system scope and default
# roles.

# Get detailed information regarding backends (and storage pools)
# known to the scheduler.
# GET  /scheduler-stats/pools/detail?{query}
# Intended scope(s): project
#"scheduler_stats:pools:detail": "rule:context_is_admin"

# DEPRECATED
# "scheduler_stats:pools:detail":"rule:admin_api" has been deprecated
# since W in favor of
# "scheduler_stats:pools:detail":"rule:context_is_admin".
# The storage pool statistics API now supports system scope and default
# roles.

# Create share.
# POST  /shares
# Intended scope(s): project
#"share:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:create":"" has been deprecated since W in favor of
# "share:create":"(rule:context_is_admin) or (rule:project-member)".
# The share API now supports scope and default roles.

# Create shares visible across all projects in the cloud.
# POST  /shares
# Intended scope(s): project
#"share:create_public_share": "rule:context_is_admin"

# DEPRECATED
# "share:create_public_share":"rule:admin_api" has been deprecated
# since W in favor of
# "share:create_public_share":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Get share.
# GET  /shares/{share_id}
# Intended scope(s): project
#"share:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share:get":"rule:default" has been deprecated since W in favor of
# "share:get":"(rule:context_is_admin) or (rule:project-reader)".
# The share API now supports scope and default roles.

# List shares.
# GET  /shares?{query}
# GET  /shares/detail?{query}
# Intended scope(s): project
#"share:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share:get_all":"rule:default" has been deprecated since W in favor
# of "share:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share API now supports scope and default roles.

# Update a share.
# PUT  /shares/{share_id}
# Intended scope(s): project
#"share:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:update":"rule:default" has been deprecated since W in favor
# of "share:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Update a share to be visible across all projects in the cloud.
# PUT  /shares/{share_id}
# Intended scope(s): project
#"share:set_public_share": "rule:context_is_admin"

# DEPRECATED
# "share:set_public_share":"rule:admin_api" has been deprecated since
# W in favor of "share:set_public_share":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Delete share.
# DELETE  /shares/{share_id}
# Intended scope(s): project
#"share:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:delete":"rule:default" has been deprecated since W in favor
# of "share:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Soft Delete a share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:soft_delete": "(rule:context_is_admin) or (rule:project-member)"

# Restore a share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:restore": "(rule:context_is_admin) or (rule:project-member)"

# Force Delete a share.
# DELETE  /shares/{share_id}
# Intended scope(s): project
#"share:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share:force_delete":"rule:admin_api" has been deprecated since W in
# favor of "share:force_delete":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Manage share.
# POST  /shares/manage
# Intended scope(s): project
#"share:manage": "rule:context_is_admin"

# DEPRECATED
# "share:manage":"rule:admin_api" has been deprecated since W in favor
# of "share:manage":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Unmanage share.
# POST  /shares/unmanage
# Intended scope(s): project
#"share:unmanage": "rule:context_is_admin"

# DEPRECATED
# "share:unmanage":"rule:admin_api" has been deprecated since W in
# favor of "share:unmanage":"rule:context_is_admin".
# The share API now supports scope and default roles.

# List share by host.
# GET  /shares?host={host}
# GET  /shares/detail?host={host}
# Intended scope(s): project
#"share:list_by_host": "rule:context_is_admin"

# DEPRECATED
# "share:list_by_host":"rule:admin_api" has been deprecated since W in
# favor of "share:list_by_host":"rule:context_is_admin".
# The share API now supports scope and default roles.

# List share by server id.
# GET  /shares?share_server_id={share_server_id}
# GET  /shares/detail?share_server_id={share_server_id}
# Intended scope(s): project
#"share:list_by_share_server_id": "rule:context_is_admin"

# DEPRECATED
# "share:list_by_share_server_id":"rule:admin_api" has been deprecated
# since W in favor of
# "share:list_by_share_server_id":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Get share access rule (deprecated in API version 2.45).
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:access_get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share:access_get":"rule:default" has been deprecated since W in
# favor of "share:access_get":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share API now supports scope and default roles.

# List share access rules (deprecated in API version 2.45).
# GET  /shares/{share_id}/action
# Intended scope(s): project
#"share:access_get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share:access_get_all":"rule:default" has been deprecated since W in
# favor of "share:access_get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share API now supports scope and default roles.

# Extend share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:extend": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:extend":"rule:default" has been deprecated since W in favor
# of "share:extend":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Force extend share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:force_extend": "rule:context_is_admin"

# Extend share beyond max share size.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:extend_beyond_max_share_size_spec": "rule:context_is_admin"

# Shrink share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:shrink": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:shrink":"rule:default" has been deprecated since W in favor
# of "share:shrink":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Migrate a share to the specified host.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:migration_start": "rule:context_is_admin"

# DEPRECATED
# "share:migration_start":"rule:admin_api" has been deprecated since W
# in favor of "share:migration_start":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Invoke 2nd phase of share migration.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:migration_complete": "rule:context_is_admin"

# DEPRECATED
# "share:migration_complete":"rule:admin_api" has been deprecated
# since W in favor of
# "share:migration_complete":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Attempt to cancel share migration.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:migration_cancel": "rule:context_is_admin"

# DEPRECATED
# "share:migration_cancel":"rule:admin_api" has been deprecated since
# W in favor of "share:migration_cancel":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Retrieve share migration progress for a given share.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:migration_get_progress": "rule:context_is_admin"

# DEPRECATED
# "share:migration_get_progress":"rule:admin_api" has been deprecated
# since W in favor of
# "share:migration_get_progress":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Reset task state.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:reset_task_state": "rule:context_is_admin"

# DEPRECATED
# "share:reset_task_state":"rule:admin_api" has been deprecated since
# W in favor of "share:reset_task_state":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Reset status.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share:reset_status":"rule:admin_api" has been deprecated since W in
# favor of "share:reset_status":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Revert a share to a snapshot.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:revert_to_snapshot": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:revert_to_snapshot":"rule:default" has been deprecated since
# W in favor of "share:revert_to_snapshot":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Add share access rule.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:allow_access": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:allow_access":"rule:default" has been deprecated since W in
# favor of "share:allow_access":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Remove share access rule.
# POST  /shares/{share_id}/action
# Intended scope(s): project
#"share:deny_access": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:deny_access":"rule:default" has been deprecated since W in
# favor of "share:deny_access":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Update share metadata.
# PUT  /shares/{share_id}/metadata
# POST  /shares/{share_id}/metadata/{key}
# POST  /shares/{share_id}/metadata
# Intended scope(s): project
#"share:update_share_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:update_share_metadata":"rule:default" has been deprecated
# since W in favor of
# "share:update_share_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Delete share metadata.
# DELETE  /shares/{share_id}/metadata/{key}
# Intended scope(s): project
#"share:delete_share_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:delete_share_metadata":"rule:default" has been deprecated
# since W in favor of
# "share:delete_share_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Get share metadata.
# GET  /shares/{share_id}/metadata
# GET  /shares/{share_id}/metadata/{key}
# Intended scope(s): project
#"share:get_share_metadata": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share:get_share_metadata":"rule:default" has been deprecated since
# W in favor of "share:get_share_metadata":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share API now supports scope and default roles.

# List (or get) shares whose deletion has been deferred
# GET  /v2/shares
# GET  /shares/{share_id}
# Intended scope(s): project
#"share:list_shares_in_deferred_deletion_states": "rule:context_is_admin"

# DEPRECATED
# "share:list_shares_in_deferred_deletion_states":"rule:admin_api" has
# been deprecated since 2024.1/Caracal in favor of
# "share:list_shares_in_deferred_deletion_states":"rule:context_is_admin".
# The share API now supports scope and default roles.

# List share by all projects.
# GET  /shares?all_tenants=1
# GET  /shares/detail?all_tenants=1
# Intended scope(s): project
#"share:list_all_projects": "rule:context_is_admin"

# DEPRECATED
# "share:list_all_projects":"rule:admin_api" has been deprecated since
# 2025.1/Epoxy in favor of
# "share:list_all_projects":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Create share snapshot.
# POST  /snapshots
# Intended scope(s): project
#"share:create_snapshot": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:create_snapshot":"rule:default" has been deprecated since W
# in favor of "share:create_snapshot":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Delete share snapshot.
# DELETE  /snapshots/{snapshot_id}
# Intended scope(s): project
#"share:delete_snapshot": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:delete_snapshot":"rule:default" has been deprecated since W
# in favor of "share:delete_snapshot":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Update share snapshot.
# PUT  /snapshots/{snapshot_id}/action
# Intended scope(s): project
#"share:snapshot_update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share:snapshot_update":"rule:default" has been deprecated since W
# in favor of "share:snapshot_update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share API now supports scope and default roles.

# Update metadata items that are considered "admin only" by the
# service.
# PUT  /shares/{share_id}/metadata
# Intended scope(s): project
#"share:update_admin_only_metadata": "rule:context_is_admin"

# DEPRECATED
# "share:update_admin_only_metadata":"rule:admin_api" has been
# deprecated since YOGA in favor of
# "share:update_admin_only_metadata":"rule:context_is_admin".
# The share API now supports scope and default roles.

# Return data about the requested export location.
# POST  /share_instances/{share_instance_id}/export_locations
# Intended scope(s): project
#"share_instance_export_location:index": "rule:context_is_admin"

# DEPRECATED
# "share_instance_export_location:index":"rule:admin_api" has been
# deprecated since W in favor of
# "share_instance_export_location:index":"rule:context_is_admin".
# The share instance export location API now supports scope and
# default roles.

# Return data about the requested export location.
# GET  /share_instances/{share_instance_id}/export_locations/{export_location_id}
# Intended scope(s): project
#"share_instance_export_location:show": "rule:context_is_admin"

# DEPRECATED
# "share_instance_export_location:show":"rule:admin_api" has been
# deprecated since W in favor of
# "share_instance_export_location:show":"rule:context_is_admin".
# The share instance export location API now supports scope and
# default roles.

# Create share type.
# POST  /types
# Intended scope(s): project
#"share_type:create": "rule:context_is_admin"

# DEPRECATED
# "share_type:create":"rule:admin_api" has been deprecated since W in
# favor of "share_type:create":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# Update share type.
# PUT  /types/{share_type_id}
# Intended scope(s): project
#"share_type:update": "rule:context_is_admin"

# DEPRECATED
# "share_type:update":"rule:admin_api" has been deprecated since W in
# favor of "share_type:update":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# Get share type.
# GET  /types/{share_type_id}
# Intended scope(s): project
#"share_type:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_type:show":"rule:default" has been deprecated since W in
# favor of "share_type:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share type API now supports scope and default roles.

# List share types.
# GET  /types?is_public=all
# Intended scope(s): project
#"share_type:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_type:index":"rule:default" has been deprecated since W in
# favor of "share_type:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share type API now supports scope and default roles.

# Get default share type.
# GET  /types/default
# Intended scope(s): project
#"share_type:default": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_type:default":"rule:default" has been deprecated since W in
# favor of "share_type:default":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share type API now supports scope and default roles.

# Delete share type.
# DELETE  /types/{share_type_id}
# Intended scope(s): project
#"share_type:delete": "rule:context_is_admin"

# DEPRECATED
# "share_type:delete":"rule:admin_api" has been deprecated since W in
# favor of "share_type:delete":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# List share type project access.
# GET  /types/{share_type_id}
# Intended scope(s): project
#"share_type:list_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_type:list_project_access":"rule:admin_api" has been
# deprecated since W in favor of
# "share_type:list_project_access":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# Add share type to project.
# POST  /types/{share_type_id}/action
# Intended scope(s): project
#"share_type:add_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_type:add_project_access":"rule:admin_api" has been deprecated
# since W in favor of
# "share_type:add_project_access":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# Remove share type from project.
# POST  /types/{share_type_id}/action
# Intended scope(s): project
#"share_type:remove_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_type:remove_project_access":"rule:admin_api" has been
# deprecated since W in favor of
# "share_type:remove_project_access":"rule:context_is_admin".
# The share type API now supports scope and default roles.

# Create share type extra spec.
# POST  /types/{share_type_id}/extra_specs
# Intended scope(s): project
#"share_types_extra_spec:create": "rule:context_is_admin"

# DEPRECATED
# "share_types_extra_spec:create":"rule:admin_api" has been deprecated
# since W in favor of
# "share_types_extra_spec:create":"rule:context_is_admin".
# The share types extra specs API now supports scope and default
# roles.

# Get share type extra specs of a given share type.
# GET  /types/{share_type_id}/extra_specs
# Intended scope(s): project
#"share_types_extra_spec:show": "rule:context_is_admin"

# DEPRECATED
# "share_types_extra_spec:show":"rule:admin_api" has been deprecated
# since W in favor of
# "share_types_extra_spec:show":"rule:context_is_admin".
# The share types extra specs API now supports scope and default
# roles.

# Get details of a share type extra spec.
# GET  /types/{share_type_id}/extra_specs/{extra_spec_id}
# Intended scope(s): project
#"share_types_extra_spec:index": "rule:context_is_admin"

# DEPRECATED
# "share_types_extra_spec:index":"rule:admin_api" has been deprecated
# since W in favor of
# "share_types_extra_spec:index":"rule:context_is_admin".
# The share types extra specs API now supports scope and default
# roles.

# Update share type extra spec.
# PUT  /types/{share_type_id}/extra_specs
# Intended scope(s): project
#"share_types_extra_spec:update": "rule:context_is_admin"

# DEPRECATED
# "share_types_extra_spec:update":"rule:admin_api" has been deprecated
# since W in favor of
# "share_types_extra_spec:update":"rule:context_is_admin".
# The share types extra specs API now supports scope and default
# roles.

# Delete share type extra spec.
# DELETE  /types/{share_type_id}/extra_specs/{key}
# Intended scope(s): project
#"share_types_extra_spec:delete": "rule:context_is_admin"

# DEPRECATED
# "share_types_extra_spec:delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_types_extra_spec:delete":"rule:context_is_admin".
# The share types extra specs API now supports scope and default
# roles.

# Get share snapshot.
# GET  /snapshots/{snapshot_id}
# Intended scope(s): project
#"share_snapshot:get_snapshot": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot:get_snapshot":"rule:default" has been deprecated
# since W in favor of
# "share_snapshot:get_snapshot":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot API now supports scope and default roles.

# Get all share snapshots.
# GET  /snapshots?{query}
# GET  /snapshots/detail?{query}
# Intended scope(s): project
#"share_snapshot:get_all_snapshots": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot:get_all_snapshots":"rule:default" has been
# deprecated since W in favor of
# "share_snapshot:get_all_snapshots":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot API now supports scope and default roles.

# List share snapshots by all projects.
# GET  /snapshots?all_tenants=1
# GET  /snapshots/detail?all_tenants=1
# Intended scope(s): project
#"share_snapshot:list_all_projects": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:list_all_projects":"rule:admin_api" has been
# deprecated since 2025.1/Epoxy in favor of
# "share_snapshot:list_all_projects":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# Force Delete a share snapshot.
# DELETE  /snapshots/{snapshot_id}
# Intended scope(s): project
#"share_snapshot:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:force_delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_snapshot:force_delete":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# Manage share snapshot.
# POST  /snapshots/manage
# Intended scope(s): project
#"share_snapshot:manage_snapshot": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:manage_snapshot":"rule:admin_api" has been
# deprecated since W in favor of
# "share_snapshot:manage_snapshot":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# Unmanage share snapshot.
# POST  /snapshots/{snapshot_id}/action
# Intended scope(s): project
#"share_snapshot:unmanage_snapshot": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:unmanage_snapshot":"rule:admin_api" has been
# deprecated since W in favor of
# "share_snapshot:unmanage_snapshot":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# Reset status.
# POST  /snapshots/{snapshot_id}/action
# Intended scope(s): project
#"share_snapshot:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_snapshot:reset_status":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# List access rules of a share snapshot.
# GET  /snapshots/{snapshot_id}/access-list
# Intended scope(s): project
#"share_snapshot:access_list": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot:access_list":"rule:default" has been deprecated
# since W in favor of
# "share_snapshot:access_list":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot API now supports scope and default roles.

# Allow access to a share snapshot.
# POST  /snapshots/{snapshot_id}/action
# Intended scope(s): project
#"share_snapshot:allow_access": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_snapshot:allow_access":"rule:default" has been deprecated
# since W in favor of
# "share_snapshot:allow_access":"(rule:context_is_admin) or
# (rule:project-member)".
# The share snapshot API now supports scope and default roles.

# Deny access to a share snapshot.
# POST  /snapshots/{snapshot_id}/action
# Intended scope(s): project
#"share_snapshot:deny_access": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_snapshot:deny_access":"rule:default" has been deprecated
# since W in favor of
# "share_snapshot:deny_access":"(rule:context_is_admin) or
# (rule:project-member)".
# The share snapshot API now supports scope and default roles.

# Update snapshot metadata.
# PUT  /snapshots/{snapshot_id}/metadata
# POST  /snapshots/{snapshot_id}/metadata/{key}
# POST  /snapshots/{snapshot_id}/metadata
# Intended scope(s): project
#"share_snapshot:update_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_snapshot:update_metadata":"rule:default" has been deprecated
# since ZED in favor of
# "share_snapshot:update_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share snapshot API now supports scope and default roles.

# Delete snapshot metadata.
# DELETE  /snapshots/{snapshot_id}/metadata/{key}
# Intended scope(s): project
#"share_snapshot:delete_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_snapshot:delete_metadata":"rule:default" has been deprecated
# since ZED in favor of
# "share_snapshot:delete_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share snapshot API now supports scope and default roles.

# Get snapshot metadata.
# GET  /snapshots/{snapshot_id}/metadata
# GET  /snapshots/{snapshot_id}/metadata/{key}
# Intended scope(s): project
#"share_snapshot:get_metadata": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot:get_metadata":"rule:default" has been deprecated
# since ZED in favor of
# "share_snapshot:get_metadata":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot API now supports scope and default roles.

# List (or get) snapshots whose deletion has been deferred
# GET  /v2/snapshots
# GET  /snapshots/{snapshot_id}
# Intended scope(s): project
#"share_snapshot:list_snapshots_in_deferred_deletion_states": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot:list_snapshots_in_deferred_deletion_states":"rule:admin_api"
# has been deprecated since 2024.1/Caracal in favor of
# "share_snapshot:list_snapshots_in_deferred_deletion_states":"rule:context_is_admin".
# The share snapshot API now supports scope and default roles.

# List export locations of a share snapshot.
# GET  /snapshots/{snapshot_id}/export-locations/
# Intended scope(s): project
#"share_snapshot_export_location:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot_export_location:index":"rule:default" has been
# deprecated since W in favor of
# "share_snapshot_export_location:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot location API now supports scope and default
# roles.

# Get details of a specified export location of a share snapshot.
# GET  /snapshots/{snapshot_id}/export-locations/{export_location_id}
# Intended scope(s): project
#"share_snapshot_export_location:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_snapshot_export_location:show":"rule:default" has been
# deprecated since W in favor of
# "share_snapshot_export_location:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share snapshot location API now supports scope and default
# roles.

# Get share snapshot instance.
# GET  /snapshot-instances/{snapshot_instance_id}
# Intended scope(s): project
#"share_snapshot_instance:show": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance:show":"rule:admin_api" has been deprecated
# since W in favor of
# "share_snapshot_instance:show":"rule:context_is_admin".
# The share snapshot instance API now supports scope and default
# roles.

# Get all share snapshot instances.
# GET  /snapshot-instances?{query}
# Intended scope(s): project
#"share_snapshot_instance:index": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance:index":"rule:admin_api" has been deprecated
# since W in favor of
# "share_snapshot_instance:index":"rule:context_is_admin".
# The share snapshot instance API now supports scope and default
# roles.

# Get details of share snapshot instances.
# GET  /snapshot-instances/detail?{query}
# Intended scope(s): project
#"share_snapshot_instance:detail": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance:detail":"rule:admin_api" has been
# deprecated since W in favor of
# "share_snapshot_instance:detail":"rule:context_is_admin".
# The share snapshot instance API now supports scope and default
# roles.

# Reset share snapshot instance's status.
# POST  /snapshot-instances/{snapshot_instance_id}/action
# Intended scope(s): project
#"share_snapshot_instance:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance:reset_status":"rule:admin_api" has been
# deprecated since W in favor of
# "share_snapshot_instance:reset_status":"rule:context_is_admin".
# The share snapshot instance API now supports scope and default
# roles.

# List export locations of a share snapshot instance.
# GET  /snapshot-instances/{snapshot_instance_id}/export-locations
# Intended scope(s): project
#"share_snapshot_instance_export_location:index": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance_export_location:index":"rule:admin_api" has
# been deprecated since W in favor of
# "share_snapshot_instance_export_location:index":"rule:context_is_admin".
# The share snapshot instance export location API now supports scope
# and default roles.

# Show details of a specified export location of a share snapshot
# instance.
# GET  /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}
# Intended scope(s): project
#"share_snapshot_instance_export_location:show": "rule:context_is_admin"

# DEPRECATED
# "share_snapshot_instance_export_location:show":"rule:admin_api" has
# been deprecated since W in favor of
# "share_snapshot_instance_export_location:show":"rule:context_is_admin".
# The share snapshot instance export location API now supports scope
# and default roles.

# Get share servers.
# GET  /share-servers?{query}
# Intended scope(s): project
#"share_server:index": "rule:context_is_admin"

# DEPRECATED
# "share_server:index":"rule:admin_api" has been deprecated since W in
# favor of "share_server:index":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Show share server.
# GET  /share-servers/{server_id}
# Intended scope(s): project
#"share_server:show": "rule:context_is_admin"

# DEPRECATED
# "share_server:show":"rule:admin_api" has been deprecated since W in
# favor of "share_server:show":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Get share server details.
# GET  /share-servers/{server_id}/details
# Intended scope(s): project
#"share_server:details": "rule:context_is_admin"

# DEPRECATED
# "share_server:details":"rule:admin_api" has been deprecated since W
# in favor of "share_server:details":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Delete share server.
# DELETE  /share-servers/{server_id}
# Intended scope(s): project
#"share_server:delete": "rule:context_is_admin"

# DEPRECATED
# "share_server:delete":"rule:admin_api" has been deprecated since W
# in favor of "share_server:delete":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Manage share server.
# POST  /share-servers/manage
# Intended scope(s): project
#"share_server:manage_share_server": "rule:context_is_admin"

# DEPRECATED
# "share_server:manage_share_server":"rule:admin_api" has been
# deprecated since W in favor of
# "share_server:manage_share_server":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Unmanage share server.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:unmanage_share_server": "rule:context_is_admin"

# DEPRECATED
# "share_server:unmanage_share_server":"rule:admin_api" has been
# deprecated since W in favor of
# "share_server:unmanage_share_server":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Reset the status of a share server.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_server:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_server:reset_status":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Migrates a share server to the specified host.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_migration_start": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_migration_start":"rule:admin_api" has
# been deprecated since W in favor of
# "share_server:share_server_migration_start":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Check whether a share server can be migrated to the specified host.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_migration_check": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_migration_check":"rule:admin_api" has
# been deprecated since W in favor of
# "share_server:share_server_migration_check":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Invokes the 2nd phase of share server migration.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_migration_complete": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_migration_complete":"rule:admin_api" has
# been deprecated since W in favor of
# "share_server:share_server_migration_complete":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Attempts to cancel share server migration.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_migration_cancel": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_migration_cancel":"rule:admin_api" has
# been deprecated since W in favor of
# "share_server:share_server_migration_cancel":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Retrieves the share server migration progress for a given share
# server.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_migration_get_progress": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_migration_get_progress":"rule:admin_api"
# has been deprecated since W in favor of
# "share_server:share_server_migration_get_progress":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Resets task state.
# POST  /share-servers/{share_server_id}/action
# Intended scope(s): project
#"share_server:share_server_reset_task_state": "rule:context_is_admin"

# DEPRECATED
# "share_server:share_server_reset_task_state":"rule:admin_api" has
# been deprecated since W in favor of
# "share_server:share_server_reset_task_state":"rule:context_is_admin".
# The share server API now supports scope and default roles.

# Return a list of all running services.
# GET  /os-services?{query}
# GET  /services?{query}
# Intended scope(s): project
#"service:index": "rule:context_is_admin"

# DEPRECATED
# "service:index":"rule:admin_api" has been deprecated since W in
# favor of "service:index":"rule:context_is_admin".
# The service API now supports scope and default roles.

# Enable/Disable scheduling for a service.
# PUT  /os-services/disable
# PUT  /os-services/enable
# PUT  /services/disable
# PUT  /services/enable
# Intended scope(s): project
#"service:update": "rule:context_is_admin"

# DEPRECATED
# "service:update":"rule:admin_api" has been deprecated since W in
# favor of "service:update":"rule:context_is_admin".
# The service API now supports scope and default roles.

# Run ensure shares for a manila-share binary.
# POST  /services/ensure
# Intended scope(s): project
#"service:ensure_shares": "rule:context_is_admin"

# DEPRECATED
# "service:ensure_shares":"rule:admin_api" has been deprecated since
# 2024.2/Dalmatian in favor of
# "service:ensure_shares":"rule:context_is_admin".
# The service API now supports scope and default roles.

# Update the quotas for a project/user and/or share type.
# PUT  /quota-sets/{project_id}
# PUT  /quota-sets/{project_id}?user_id={user_id}
# PUT  /quota-sets/{project_id}?share_type={share_type_id}
# PUT  /os-quota-sets/{project_id}
# PUT  /os-quota-sets/{project_id}?user_id={user_id}
# Intended scope(s): project
#"quota_set:update": "rule:context_is_admin"

# DEPRECATED
# "quota_set:update":"rule:admin_api" has been deprecated since W in
# favor of "quota_set:update":"rule:context_is_admin".
# The quota API now supports scope and default roles.

# List the quotas for a project/user.
# GET  /quota-sets/{project_id}/defaults
# GET  /os-quota-sets/{project_id}/defaults
# Intended scope(s): project
#"quota_set:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "quota_set:show":"rule:default" has been deprecated since W in favor
# of "quota_set:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The quota API now supports scope and default roles.

# Delete quota for a project/user or project/share-type. The quota
# will revert back to default (Admin only).
# DELETE  /quota-sets/{project_id}
# DELETE  /quota-sets/{project_id}?user_id={user_id}
# DELETE  /quota-sets/{project_id}?share_type={share_type_id}
# DELETE  /os-quota-sets/{project_id}
# DELETE  /os-quota-sets/{project_id}?user_id={user_id}
# Intended scope(s): project
#"quota_set:delete": "rule:context_is_admin"

# DEPRECATED
# "quota_set:delete":"rule:admin_api" has been deprecated since W in
# favor of "quota_set:delete":"rule:context_is_admin".
# The quota API now supports scope and default roles.

# Update quota class.
# PUT  /quota-class-sets/{class_name}
# PUT  /os-quota-class-sets/{class_name}
# Intended scope(s): project
#"quota_class_set:update": "rule:context_is_admin"

# DEPRECATED
# "quota_class_set:update":"rule:admin_api" has been deprecated since
# W in favor of "quota_class_set:update":"rule:context_is_admin".
# The quota class API now supports scope and default roles.

# Get quota class.
# GET  /quota-class-sets/{class_name}
# GET  /os-quota-class-sets/{class_name}
# Intended scope(s): project
#"quota_class_set:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "quota_class_set:show":"rule:default" has been deprecated since W in
# favor of "quota_class_set:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The quota class API now supports scope and default roles.

# Get details of a given resource lock.
# GET  /resource-locks/{lock_id}
# Intended scope(s): project
#"resource_lock:get": "(rule:admin_or_service_api) or (rule:project-reader)"

# DEPRECATED
# "resource_lock:get":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "resource_lock:get":"(rule:admin_or_service_api) or
# (rule:project-reader)".
# The resource lock API now supports scope and default roles.

# Get all resource locks.
# GET  /resource-locks
# GET  /resource-locks?{query}
# Intended scope(s): project
#"resource_lock:get_all": "(rule:admin_or_service_api) or (rule:project-reader)"

# DEPRECATED
# "resource_lock:get_all":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "resource_lock:get_all":"(rule:admin_or_service_api) or
# (rule:project-reader)".
# The resource lock API now supports scope and default roles.

# Get resource locks from all project namespaces.
# GET  /resource-locks?all_projects=1
# GET  /resource-locks?all_projects=1&project_id={project_id}
# Intended scope(s): project
#"resource_lock:get_all_projects": "rule:admin_or_service_api"

# DEPRECATED
# "resource_lock:get_all_projects":"rule:admin_api" has been
# deprecated since 2023.2/Bobcat in favor of
# "resource_lock:get_all_projects":"rule:admin_or_service_api".
# The resource lock API now supports scope and default roles.

# Create a resource lock.
# POST  /resource-locks
# Intended scope(s): project
#"resource_lock:create": "(rule:admin_or_service_api) or (rule:project-member)"

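# DEPRECATED
# "resource_lock:create":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "resource_lock:create":"(rule:admin_or_service_api) or
# (rule:project-member)".
# The resource lock API now supports scope and default roles.
# NOTE: while the deprecated default is still evaluated, oslo.policy
# accepts a request that passes either check string, so the member-role
# requirement is only effective once [oslo_policy] enforce_new_defaults
# is enabled or this rule is overridden explicitly.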

# Update a resource lock.
# PUT  /resource-locks/{lock_id}
# Intended scope(s): project
#"resource_lock:update": "(rule:owner-user or rule:admin_or_service_api)"

# DEPRECATED
# "resource_lock:update":"rule:admin_or_owner_user" has been
# deprecated since 2023.2/Bobcat in favor of
# "resource_lock:update":"(rule:owner-user or
# rule:admin_or_service_api)".
# The resource lock API now supports scope and default roles.

# Delete a resource lock.
# DELETE  /resource-locks/{lock_id}
# Intended scope(s): project
#"resource_lock:delete": "(rule:owner-user or rule:admin_or_service_api)"

# DEPRECATED
# "resource_lock:delete":"rule:admin_or_owner_user" has been
# deprecated since 2023.2/Bobcat in favor of
# "resource_lock:delete":"(rule:owner-user or
# rule:admin_or_service_api)".
# The resource lock API now supports scope and default roles.

# Bypass a visibility lock placed on a resource.
# GET  /share-access-rules/{share_access_id}
# GET  /share-access-rules?share_id={share_id}&key1=value1&key2=value2
# Intended scope(s): project
#"resource_lock:bypass_locked_show_action": "(rule:owner-user or rule:admin_or_service_api)"

# DEPRECATED
# "resource_lock:bypass_locked_show_action":"rule:admin_or_owner_user"
# has been deprecated since 2023.2/Bobcat in favor of
# "resource_lock:bypass_locked_show_action":"(rule:owner-user or
# rule:admin_or_service_api)".
# The resource lock API now supports scope and default roles.

# Create share group type specs.
# POST  /share-group-types/{share_group_type_id}/group-specs
# Intended scope(s): project
#"share_group_types_spec:create": "rule:context_is_admin"

# DEPRECATED
# "share_group_types_spec:create":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group_types_spec:create":"rule:context_is_admin".
# The share group type specs API now supports system scope and default
# roles.

# Get share group type specs.
# GET  /share-group-types/{share_group_type_id}/group-specs
# Intended scope(s): project
#"share_group_types_spec:index": "rule:context_is_admin"

# DEPRECATED
# "share_group_types_spec:index":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group_types_spec:index":"rule:context_is_admin".
# The share group type specs API now supports system scope and default
# roles.

# Get details of a share group type spec.
# GET  /share-group-types/{share_group_type_id}/group-specs/{key}
# Intended scope(s): project
#"share_group_types_spec:show": "rule:context_is_admin"

# DEPRECATED
# "share_group_types_spec:show":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group_types_spec:show":"rule:context_is_admin".
# The share group type specs API now supports system scope and default
# roles.

# Update a share group type spec.
# PUT  /share-group-types/{share_group_type_id}/group-specs/{key}
# Intended scope(s): project
#"share_group_types_spec:update": "rule:context_is_admin"

# DEPRECATED
# "share_group_types_spec:update":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group_types_spec:update":"rule:context_is_admin".
# The share group type specs API now supports system scope and default
# roles.

# Delete a share group type spec.
# DELETE  /share-group-types/{share_group_type_id}/group-specs/{key}
# Intended scope(s): project
#"share_group_types_spec:delete": "rule:context_is_admin"

# DEPRECATED
# "share_group_types_spec:delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group_types_spec:delete":"rule:context_is_admin".
# The share group type specs API now supports system scope and default
# roles.

# Create a new share group type.
# POST  /share-group-types
# Intended scope(s): project
#"share_group_type:create": "rule:context_is_admin"

# DEPRECATED
# "share_group_type:create":"rule:admin_api" has been deprecated since
# W in favor of "share_group_type:create":"rule:context_is_admin".
# The share group type API now supports scope and default roles.

# Get the list of share group types.
# GET  /share-group-types?is_public=all
# Intended scope(s): project
#"share_group_type:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group_type:index":"rule:default" has been deprecated since W
# in favor of "share_group_type:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group type API now supports scope and default roles.

# Get details regarding the specified share group type.
# GET  /share-group-types/{share_group_type_id}
# Intended scope(s): project
#"share_group_type:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group_type:show":"rule:default" has been deprecated since W
# in favor of "share_group_type:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group type API now supports scope and default roles.

# Get the default share group type.
# GET  /share-group-types/default
# Intended scope(s): project
#"share_group_type:default": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group_type:default":"rule:default" has been deprecated since
# W in favor of "share_group_type:default":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group type API now supports scope and default roles.

# Delete an existing group type.
# DELETE  /share-group-types/{share_group_type_id}
# Intended scope(s): project
#"share_group_type:delete": "rule:context_is_admin"

# DEPRECATED
# "share_group_type:delete":"rule:admin_api" has been deprecated since
# W in favor of "share_group_type:delete":"rule:context_is_admin".
# The share group type API now supports scope and default roles.

# Get project access by share group type.
# GET  /share-group-types/{share_group_type_id}/access
# Intended scope(s): project
#"share_group_type:list_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_group_type:list_project_access":"rule:admin_api" has been
# deprecated since W in favor of
# "share_group_type:list_project_access":"rule:context_is_admin".
# The share group type API now supports scope and default roles.

# Allow project to use the share group type.
# POST  /share-group-types/{share_group_type_id}/action
# Intended scope(s): project
#"share_group_type:add_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_group_type:add_project_access":"rule:admin_api" has been
# deprecated since W in favor of
# "share_group_type:add_project_access":"rule:context_is_admin".
# The share group type API now supports scope and default roles.

# Deny project access to use the share group type.
# POST  /share-group-types/{share_group_type_id}/action
# Intended scope(s): project
#"share_group_type:remove_project_access": "rule:context_is_admin"

# DEPRECATED
# "share_group_type:remove_project_access":"rule:admin_api" has been
# deprecated since W in favor of
# "share_group_type:remove_project_access":"rule:context_is_admin".
# The share group type API now supports scope and default roles.

# Create a new share group snapshot.
# POST  /share-group-snapshots
# Intended scope(s): project
#"share_group_snapshot:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group_snapshot:create":"rule:default" has been deprecated
# since W in favor of
# "share_group_snapshot:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group snapshots API now supports scope and default roles.

# Get details of a share group snapshot.
# GET  /share-group-snapshots/{share_group_snapshot_id}
# Intended scope(s): project
#"share_group_snapshot:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group_snapshot:get":"rule:default" has been deprecated since
# W in favor of "share_group_snapshot:get":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group snapshots API now supports scope and default roles.

# Get all share group snapshots.
# GET  /share-group-snapshots?{query}
# GET  /share-group-snapshots/detail?{query}
# Intended scope(s): project
#"share_group_snapshot:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group_snapshot:get_all":"rule:default" has been deprecated
# since W in favor of
# "share_group_snapshot:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group snapshots API now supports scope and default roles.

# Update a share group snapshot.
# PUT  /share-group-snapshots/{share_group_snapshot_id}
# Intended scope(s): project
#"share_group_snapshot:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group_snapshot:update":"rule:default" has been deprecated
# since W in favor of
# "share_group_snapshot:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group snapshots API now supports scope and default roles.

# Delete a share group snapshot.
# DELETE  /share-group-snapshots/{share_group_snapshot_id}
# Intended scope(s): project
#"share_group_snapshot:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group_snapshot:delete":"rule:default" has been deprecated
# since W in favor of
# "share_group_snapshot:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group snapshots API now supports scope and default roles.

# Force delete a share group snapshot.
# POST  /share-group-snapshots/{share_group_snapshot_id}/action
# Intended scope(s): project
#"share_group_snapshot:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share_group_snapshot:force_delete":"rule:admin_api" has been
# deprecated since W in favor of
# "share_group_snapshot:force_delete":"rule:context_is_admin".
# The share group snapshots API now supports scope and default roles.

# Reset a share group snapshot's status.
# POST  /share-group-snapshots/{share_group_snapshot_id}/action
# Intended scope(s): project
#"share_group_snapshot:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_group_snapshot:reset_status":"rule:admin_api" has been
# deprecated since W in favor of
# "share_group_snapshot:reset_status":"rule:context_is_admin".
# The share group snapshots API now supports scope and default roles.

# Create share group.
# POST  /share-groups
# Intended scope(s): project
#"share_group:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group:create":"rule:default" has been deprecated since W in
# favor of "share_group:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group API now supports scope and default roles.

# Get details of a share group.
# GET  /share-groups/{share_group_id}
# Intended scope(s): project
#"share_group:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group:get":"rule:default" has been deprecated since W in
# favor of "share_group:get":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group API now supports scope and default roles.

# Get all share groups.
# GET  /share-groups?{query}
# GET  /share-groups/detail?{query}
# Intended scope(s): project
#"share_group:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_group:get_all":"rule:default" has been deprecated since W in
# favor of "share_group:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share group API now supports scope and default roles.

# Update share group.
# PUT  /share-groups/{share_group_id}
# Intended scope(s): project
#"share_group:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group:update":"rule:default" has been deprecated since W in
# favor of "share_group:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group API now supports scope and default roles.

# Delete share group.
# DELETE  /share-groups/{share_group_id}
# Intended scope(s): project
#"share_group:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_group:delete":"rule:default" has been deprecated since W in
# favor of "share_group:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share group API now supports scope and default roles.

# Force delete a share group.
# POST  /share-groups/{share_group_id}/action
# Intended scope(s): project
#"share_group:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share_group:force_delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group:force_delete":"rule:context_is_admin".
# The share group API now supports scope and default roles.

# Reset share group's status.
# POST  /share-groups/{share_group_id}/action
# Intended scope(s): project
#"share_group:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_group:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_group:reset_status":"rule:context_is_admin".
# The share group API now supports scope and default roles.

# Create share replica.
# POST  /share-replicas
# Intended scope(s): project
#"share_replica:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_replica:create":"rule:default" has been deprecated since W in
# favor of "share_replica:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share replica API now supports scope and default roles.

# Get all share replicas.
# GET  /share-replicas
# GET  /share-replicas/detail
# GET  /share-replicas/detail?share_id={share_id}
# Intended scope(s): project
#"share_replica:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_replica:get_all":"rule:default" has been deprecated since W
# in favor of "share_replica:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share replica API now supports scope and default roles.

# Get details of a share replica.
# GET  /share-replicas/{share_replica_id}
# Intended scope(s): project
#"share_replica:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_replica:show":"rule:default" has been deprecated since W in
# favor of "share_replica:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share replica API now supports scope and default roles.

# Delete a share replica.
# DELETE  /share-replicas/{share_replica_id}
# Intended scope(s): project
#"share_replica:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_replica:delete":"rule:default" has been deprecated since W in
# favor of "share_replica:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share replica API now supports scope and default roles.

# Force delete a share replica.
# POST  /share-replicas/{share_replica_id}/action
# Intended scope(s): project
#"share_replica:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share_replica:force_delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_replica:force_delete":"rule:context_is_admin".
# The share replica API now supports scope and default roles.

# Promote a non-active share replica to active.
# POST  /share-replicas/{share_replica_id}/action
# Intended scope(s): project
#"share_replica:promote": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_replica:promote":"rule:default" has been deprecated since W
# in favor of "share_replica:promote":"(rule:context_is_admin) or
# (rule:project-member)".
# The share replica API now supports scope and default roles.

# Resync a share replica that is out of sync.
# POST  /share-replicas/{share_replica_id}/action
# Intended scope(s): project
#"share_replica:resync": "rule:context_is_admin"

# DEPRECATED
# "share_replica:resync":"rule:admin_api" has been deprecated since W
# in favor of "share_replica:resync":"rule:context_is_admin".
# The share replica API now supports scope and default roles.

# Reset share replica's replica_state attribute.
# POST  /share-replicas/{share_replica_id}/action
# Intended scope(s): project
#"share_replica:reset_replica_state": "rule:context_is_admin"

# DEPRECATED
# "share_replica:reset_replica_state":"rule:admin_api" has been
# deprecated since W in favor of
# "share_replica:reset_replica_state":"rule:context_is_admin".
# The share replica API now supports scope and default roles.

# Reset share replica's status.
# POST  /share-replicas/{share_replica_id}/action
# Intended scope(s): project
#"share_replica:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_replica:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_replica:reset_status":"rule:context_is_admin".
# The share replica API now supports scope and default roles.

# Get all export locations of a given share replica.
# GET  /share-replicas/{share_replica_id}/export-locations
# Intended scope(s): project
#"share_replica_export_location:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_replica_export_location:index":"rule:default" has been
# deprecated since W in favor of
# "share_replica_export_location:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share replica export location API now supports scope and default
# roles.

# Get details about the requested share replica export location.
# GET  /share-replicas/{share_replica_id}/export-locations/{export_location_id}
# Intended scope(s): project
#"share_replica_export_location:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_replica_export_location:show":"rule:default" has been
# deprecated since W in favor of
# "share_replica_export_location:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share replica export location API now supports scope and default
# roles.

# Create share network.
# POST  /share-networks
# Intended scope(s): project
#"share_network:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:create":"rule:default" has been deprecated since W in
# favor of "share_network:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now supports system scope and default roles.

# Get details of a share network.
# GET  /share-networks/{share_network_id}
# Intended scope(s): project
#"share_network:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network:show":"rule:default" has been deprecated since W in
# favor of "share_network:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share network API now supports system scope and default roles.

# Get all share networks under a project.
# GET  /share-networks?{query}
# Intended scope(s): project
#"share_network:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network:index":"rule:default" has been deprecated since W in
# favor of "share_network:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share network API now supports system scope and default roles.

# Get details of share networks under a project.
# GET  /share-networks/detail?{query}
# Intended scope(s): project
#"share_network:detail": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network:detail":"rule:default" has been deprecated since W in
# favor of "share_network:detail":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share network API now supports system scope and default roles.

# Update a share network.
# PUT  /share-networks/{share_network_id}
# Intended scope(s): project
#"share_network:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:update":"rule:default" has been deprecated since W in
# favor of "share_network:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now supports system scope and default roles.

# Delete a share network.
# DELETE  /share-networks/{share_network_id}
# Intended scope(s): project
#"share_network:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:delete":"rule:default" has been deprecated since W in
# favor of "share_network:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now supports system scope and default roles.

# Add security service to share network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:add_security_service": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:add_security_service":"rule:default" has been
# deprecated since W in favor of
# "share_network:add_security_service":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now support system scope and default roles.

# Check the feasibility of adding a security service to a share network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:add_security_service_check": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:add_security_service_check":"rule:default" has been
# deprecated since W in favor of
# "share_network:add_security_service_check":"(rule:context_is_admin)
# or (rule:project-member)".
# The share network API now support system scope and default roles.

# Remove security service from share network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:remove_security_service": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:remove_security_service":"rule:default" has been
# deprecated since W in favor of
# "share_network:remove_security_service":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now support system scope and default roles.

# Update a security service on a share network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:update_security_service": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:update_security_service":"rule:default" has been
# deprecated since W in favor of
# "share_network:update_security_service":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now support system scope and default roles.

# Check the feasibility of updating a security service on a share
# network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:update_security_service_check": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:update_security_service_check":"rule:default" has
# been deprecated since W in favor of
# "share_network:update_security_service_check":"(rule:context_is_admin)
# or (rule:project-member)".
# The share network API now supports system scope and default roles.

# Reset share network's status.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_network:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_network:reset_status":"rule:context_is_admin".
# The share network API now support system scope and default roles.

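# Get share networks belonging to all projects.
# NOTE: the default "context_is_admin" rule is "role:admin" with no
# project_id match, so an admin role assignment on any project
# satisfies this cross-project check.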
# GET  /share-networks?all_tenants=1
# GET  /share-networks/detail?all_tenants=1
# Intended scope(s): project
#"share_network:get_all_share_networks": "rule:context_is_admin"

# DEPRECATED
# "share_network:get_all_share_networks":"rule:admin_api" has been
# deprecated since W in favor of
# "share_network:get_all_share_networks":"rule:context_is_admin".
# The share network API now support system scope and default roles.

# Check the feasibility of creating a new share network subnet for a
# share network.
# POST  /share-networks/{share_network_id}/action
# Intended scope(s): project
#"share_network:subnet_create_check": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network:subnet_create_check":"rule:default" has been
# deprecated since Yoga in favor of
# "share_network:subnet_create_check":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network API now support system scope and default roles.

# Create a new share network subnet.
# POST  /share-networks/{share_network_id}/subnets
# Intended scope(s): project
#"share_network_subnet:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network_subnet:create":"rule:default" has been deprecated
# since W in favor of
# "share_network_subnet:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network subnet API now supports scope and default roles.

# Delete a share network subnet.
# DELETE  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}
# Intended scope(s): project
#"share_network_subnet:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network_subnet:delete":"rule:default" has been deprecated
# since W in favor of
# "share_network_subnet:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network subnet API now supports scope and default roles.

# Shows a share network subnet.
# GET  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}
# Intended scope(s): project
#"share_network_subnet:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network_subnet:show":"rule:default" has been deprecated since
# W in favor of "share_network_subnet:show":"(rule:context_is_admin)
# or (rule:project-reader)".
# The share network subnet API now supports scope and default roles.

# Get all share network subnets.
# GET  /share-networks/{share_network_id}/subnets
# Intended scope(s): project
#"share_network_subnet:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network_subnet:index":"rule:default" has been deprecated
# since W in favor of
# "share_network_subnet:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share network subnet API now supports scope and default roles.

# Update share network subnet metadata.
# PUT  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
# POST  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
# POST  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
# Intended scope(s): system, project
#"share_network_subnet:update_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network_subnet:update_metadata":"rule:default" has been
# deprecated since ANTELOPE in favor of
# "share_network_subnet:update_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network subnet API now supports scope and default roles.

# Delete share network subnet metadata.
# DELETE  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
# Intended scope(s): system, project
#"share_network_subnet:delete_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_network_subnet:delete_metadata":"rule:default" has been
# deprecated since ANTELOPE in favor of
# "share_network_subnet:delete_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share network subnet API now supports scope and default roles.

# Get share network subnet metadata.
# GET  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
# GET  /share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
# Intended scope(s): system, project
#"share_network_subnet:get_metadata": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_network_subnet:get_metadata":"rule:default" has been
# deprecated since ANTELOPE in favor of
# "share_network_subnet:get_metadata":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share network subnet API now supports scope and default roles.

# Create security service.
# POST  /security-services
# Intended scope(s): project
#"security_service:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "security_service:create":"rule:default" has been deprecated since W
# in favor of "security_service:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The security service API now supports scope and default roles.

# Get details of a security service.
# GET  /security-services/{security_service_id}
# Intended scope(s): project
#"security_service:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "security_service:show":"rule:default" has been deprecated since W
# in favor of "security_service:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The security service API now supports scope and default roles.

# Get details of all security services.
# GET  /security-services/detail?{query}
# Intended scope(s): project
#"security_service:detail": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "security_service:detail":"rule:default" has been deprecated since W
# in favor of "security_service:detail":"(rule:context_is_admin) or
# (rule:project-reader)".
# The security service API now supports scope and default roles.

# Get all security services under a project.
# GET  /security-services?{query}
# Intended scope(s): project
#"security_service:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "security_service:index":"rule:default" has been deprecated since W
# in favor of "security_service:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The security service API now supports scope and default roles.

# Update a security service.
# PUT  /security-services/{security_service_id}
# Intended scope(s): project
#"security_service:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "security_service:update":"rule:default" has been deprecated since W
# in favor of "security_service:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The security service API now supports scope and default roles.

# Delete a security service.
# DELETE  /security-services/{security_service_id}
# Intended scope(s): project
#"security_service:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "security_service:delete":"rule:default" has been deprecated since W
# in favor of "security_service:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The security service API now supports scope and default roles.

# Get security services of all projects.
# GET  /security-services?all_tenants=1
# GET  /security-services/detail?all_tenants=1
# Intended scope(s): project
#"security_service:get_all_security_services": "rule:context_is_admin"

# DEPRECATED
# "security_service:get_all_security_services":"rule:admin_api" has
# been deprecated since W in favor of
# "security_service:get_all_security_services":"rule:context_is_admin".
# The security service API now supports scope and default roles.

# Get all export locations of a given share.
# GET  /shares/{share_id}/export_locations
# Intended scope(s): project
#"share_export_location:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_export_location:index":"rule:default" has been deprecated
# since W in favor of
# "share_export_location:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share export location API now support system scope and default
# roles.

# Get details about the requested export location.
# GET  /shares/{share_id}/export_locations/{export_location_id}
# Intended scope(s): project
#"share_export_location:show": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_export_location:show":"rule:default" has been deprecated
# since W in favor of
# "share_export_location:show":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share export location API now support system scope and default
# roles.

# Update share export location metadata.
# PUT  /shares/{share_id}/export_locations/{export_location_id}/metadata
# POST  /shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
# POST  /shares/{share_id}/export_locations/{export_location_id}/metadata
# Intended scope(s): project
#"share_export_location:update_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_export_location:update_metadata":"rule:default" has been
# deprecated since 2024.2/Dalmatian in favor of
# "share_export_location:update_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share export location API now support system scope and default
# roles.

# Delete share export location metadata
# DELETE  /shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
# Intended scope(s): project
#"share_export_location:delete_metadata": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_export_location:delete_metadata":"rule:default" has been
# deprecated since 2024.2/Dalmatian in favor of
# "share_export_location:delete_metadata":"(rule:context_is_admin) or
# (rule:project-member)".
# The share export location API now support system scope and default
# roles.

# Get share export location metadata
# GET  /shares/{share_id}/export_locations/{export_location_id}/metadata
# GET  /shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
# Intended scope(s): project
#"share_export_location:get_metadata": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_export_location:get_metadata":"rule:default" has been
# deprecated since 2024.2/Dalmatian in favor of
# "share_export_location:get_metadata":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share export location API now support system scope and default
# roles.

# Update metadata items that are considered "admin only" by the
# service.
# PUT  /shares/{share_id}/export_locations/{export_location_id}/metadata
# Intended scope(s): project
#"share_export_location:update_admin_only_metadata": "rule:context_is_admin"

# DEPRECATED
# "share_export_location:update_admin_only_metadata":"rule:admin_api"
# has been deprecated since 2024.2/Dalmatian in favor of
# "share_export_location:update_admin_only_metadata":"rule:context_is_admin".
# The share export location API now support system scope and default
# roles.

# Get all share instances.
# GET  /share_instances
# GET  /share_instances?{query}
# Intended scope(s): project
#"share_instance:index": "rule:context_is_admin"

# DEPRECATED
# "share_instance:index":"rule:admin_api" has been deprecated since W
# in favor of "share_instance:index":"rule:context_is_admin".
# The share instances API now supports scope and default roles.

# Get details of a share instance.
# GET  /share_instances/{share_instance_id}
# Intended scope(s): project
#"share_instance:show": "rule:context_is_admin"

# DEPRECATED
# "share_instance:show":"rule:admin_api" has been deprecated since W
# in favor of "share_instance:show":"rule:context_is_admin".
# The share instances API now supports scope and default roles.

# Force delete a share instance.
# POST  /share_instances/{share_instance_id}/action
# Intended scope(s): project
#"share_instance:force_delete": "rule:context_is_admin"

# DEPRECATED
# "share_instance:force_delete":"rule:admin_api" has been deprecated
# since W in favor of
# "share_instance:force_delete":"rule:context_is_admin".
# The share instances API now supports scope and default roles.

# Reset share instance's status.
# POST  /share_instances/{share_instance_id}/action
# Intended scope(s): project
#"share_instance:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_instance:reset_status":"rule:admin_api" has been deprecated
# since W in favor of
# "share_instance:reset_status":"rule:context_is_admin".
# The share instances API now supports scope and default roles.

# Get details of a given message.
# GET  /messages/{message_id}
# Intended scope(s): project
#"message:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "message:get":"rule:default" has been deprecated since W in favor of
# "message:get":"(rule:context_is_admin) or (rule:project-reader)".
# The messages API now supports scope and default roles.

# Get all messages.
# GET  /messages
# GET  /messages?{query}
# Intended scope(s): project
#"message:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "message:get_all":"rule:default" has been deprecated since W in
# favor of "message:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The messages API now supports scope and default roles.

# Delete a message.
# DELETE  /messages/{message_id}
# Intended scope(s): project
#"message:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "message:delete":"rule:default" has been deprecated since W in favor
# of "message:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The messages API now supports scope and default roles.

# Get details of a share access rule.
# GET  /share-access-rules/{share_access_id}
# Intended scope(s): project
#"share_access_rule:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_access_rule:get":"rule:default" has been deprecated since W
# in favor of "share_access_rule:get":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share access rule API now supports scope and default roles.

# List access rules of a given share.
# GET  /share-access-rules?share_id={share_id}&key1=value1&key2=value2
# Intended scope(s): project
#"share_access_rule:index": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_access_rule:index":"rule:default" has been deprecated since W
# in favor of "share_access_rule:index":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share access rule API now supports scope and default roles.

# Update access rules of a given share.
# PUT  /share-access-rules/{share_access_id}
# Intended scope(s): project
#"share_access_rule:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_access_rule:update":"rule:default" has been deprecated since
# 2025.1/Epoxy in favor of
# "share_access_rule:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share access rule API now supports scope and default roles.

# Set metadata for a share access rule.
# PUT  /share-access-rules/{share_access_id}/metadata
# Intended scope(s): project
#"share_access_metadata:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_access_metadata:update":"rule:default" has been deprecated
# since W in favor of
# "share_access_metadata:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share access metadata API now support system scope and default
# roles.

# Delete metadata for a share access rule.
# DELETE  /share-access-rules/{share_access_id}/metadata/{key}
# Intended scope(s): project
#"share_access_metadata:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_access_metadata:delete":"rule:default" has been deprecated
# since W in favor of
# "share_access_metadata:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share access metadata API now support system scope and default
# roles.

# List share transfers.
# GET  /share-transfers
# GET  /share-transfers/detail
#"share_transfer:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_transfer:get_all":"rule:default" has been deprecated since
# Antelope in favor of
# "share_transfer:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The transfer API now supports system scope and default roles.

# List share transfers with all tenants.
# GET  /share-transfers
# GET  /share-transfers/detail
# Intended scope(s): project
#"share_transfer:get_all_tenant": "rule:context_is_admin"

# DEPRECATED
# "share_transfer:get_all_tenant":"rule:admin_api" has been deprecated
# since Antelope in favor of
# "share_transfer:get_all_tenant":"rule:context_is_admin".
# The transfer API now supports system scope and default roles.

# Create a share transfer.
# POST  /share-transfers
#"share_transfer:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_transfer:create":"rule:default" has been deprecated since
# Antelope in favor of
# "share_transfer:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The transfer API now supports system scope and default roles.

# Show one specified share transfer.
# GET  /share-transfers/{transfer_id}
#"share_transfer:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_transfer:get":"rule:default" has been deprecated since
# Antelope in favor of "share_transfer:get":"(rule:context_is_admin)
# or (rule:project-reader)".
# The transfer API now supports system scope and default roles.

# Accept a share transfer.
# POST  /share-transfers/{transfer_id}/accept
#"share_transfer:accept": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_transfer:accept":"rule:default" has been deprecated since
# Antelope in favor of
# "share_transfer:accept":"(rule:context_is_admin) or
# (rule:project-member)".
# The transfer API now supports system scope and default roles.

# Delete share transfer.
# DELETE  /share-transfers/{transfer_id}
#"share_transfer:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_transfer:delete":"rule:default" has been deprecated since
# Antelope in favor of
# "share_transfer:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The transfer API now supports system scope and default roles.

# Create share backup.
# POST  /share-backups
# Intended scope(s): project
#"share_backup:create": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_backup:create":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "share_backup:create":"(rule:context_is_admin) or
# (rule:project-member)".
# The share backup API now supports system scope and default roles.

# Get share backup.
# GET  /share-backups/{backup_id}
# Intended scope(s): project
#"share_backup:get": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_backup:get":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "share_backup:get":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share backup API now supports system scope and default roles.

# Get all share backups.
# GET  /share-backups
# GET  /share-backups/detail
# GET  /share-backups/detail?share_id={share_id}
# Intended scope(s): project
#"share_backup:get_all": "(rule:context_is_admin) or (rule:project-reader)"

# DEPRECATED
# "share_backup:get_all":"rule:default" has been deprecated since
# 2023.2/Bobcat in favor of
# "share_backup:get_all":"(rule:context_is_admin) or
# (rule:project-reader)".
# The share backup API now supports system scope and default roles.

# Get share backups of all projects.
# GET  /share-backups?all_tenants=1
# GET  /share-backups/detail?all_tenants=1
# Intended scope(s): project
#"share_backup:get_all_project": "rule:context_is_admin"

# DEPRECATED
# "share_backup:get_all_project":"rule:admin_api" has been deprecated
# since 2023.2/Bobcat in favor of
# "share_backup:get_all_project":"rule:context_is_admin".
# The share backup API now supports system scope and default roles.

# Restore a share backup.
# POST  /share-backups/{backup_id}/action
# Intended scope(s): project
#"share_backup:restore": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_backup:restore":"rule:admin_or_owner" has been deprecated
# since 2023.2/Bobcat in favor of
# "share_backup:restore":"(rule:context_is_admin) or
# (rule:project-member)".
# The share backup API now supports system scope and default roles.

# Reset status.
# POST  /share-backups/{backup_id}/action
# Intended scope(s): project
#"share_backup:reset_status": "rule:context_is_admin"

# DEPRECATED
# "share_backup:reset_status":"rule:admin_api" has been deprecated
# since 2023.2/Bobcat in favor of
# "share_backup:reset_status":"rule:context_is_admin".
# The share backup API now supports system scope and default roles.

# Update a share backup.
# PUT  /share-backups/{backup_id}
# Intended scope(s): project
#"share_backup:update": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_backup:update":"rule:admin_or_owner" has been deprecated
# since 2023.2/Bobcat in favor of
# "share_backup:update":"(rule:context_is_admin) or
# (rule:project-member)".
# The share backup API now supports system scope and default roles.

# Force Delete a share backup.
# DELETE  /share-backups/{backup_id}
# Intended scope(s): project
#"share_backup:delete": "(rule:context_is_admin) or (rule:project-member)"

# DEPRECATED
# "share_backup:delete":"rule:admin_or_owner" has been deprecated
# since 2023.2/Bobcat in favor of
# "share_backup:delete":"(rule:context_is_admin) or
# (rule:project-member)".
# The share backup API now supports system scope and default roles.