{"body":"{\n    \"cloud_admin\": \"role:admin and token.is_admin_project:True\",\n    \"service_admin\": \"role:admin and token.project.name:service and token.project.domain.name:Service\",\n\n    \"identity:get_application_credential\": \"!\",\n    \"identity:list_application_credentials\": \"!\",\n    \"identity:create_application_credential\": \"!\",\n    \"identity:delete_application_credential\": \"!\",\n\n    \"identity:authorize_request_token\": \"!\",\n    \"identity:get_access_token\": \"!\",\n    \"identity:get_access_token_role\": \"!\",\n    \"identity:list_access_tokens\": \"!\",\n    \"identity:list_access_token_roles\": \"!\",\n    \"identity:delete_access_token\": \"!\",\n\n    \"identity:get_auth_catalog\": \"!\",\n    \"identity:get_auth_projects\": \"!\",\n    \"identity:get_auth_domains\": \"!\",\n    \"identity:get_auth_system\": \"!\",\n\n    \"identity:get_consumer\": \"!\",\n    \"identity:list_consumers\": \"!\",\n    \"identity:create_consumer\": \"!\",\n    \"identity:update_consumer\": \"!\",\n    \"identity:delete_consumer\": \"!\",\n\n    \"identity:get_credential\": \"!\",\n    \"identity:list_credentials\": \"!\",\n    \"identity:create_credential\": \"!\",\n    \"identity:update_credential\": \"!\",\n    \"identity:delete_credential\": \"!\",\n\n    \"identity:get_domain\": \"!\",\n    \"identity:list_domains\": \"!\",\n    \"identity:create_domain\": \"!\",\n    \"identity:update_domain\": \"!\",\n    \"identity:delete_domain\": \"!\",\n\n    \"identity:create_domain_config\": \"!\",\n    \"identity:get_domain_config\": \"!\",\n    \"identity:get_security_compliance_domain_config\": \"!\",\n    \"identity:update_domain_config\": \"!\",\n    \"identity:delete_domain_config\": \"!\",\n    \"identity:get_domain_config_default\": \"!\",\n\n    \"identity:ec2_get_credential\": \"!\",\n    \"identity:ec2_list_credentials\": \"!\",\n    \"identity:ec2_create_credential\": \"!\",\n    \"identity:ec2_delete_credential\": \"!\",\n\n    \"identity:get_endpoint\": \"!\",\n    \"identity:list_endpoints\": \"rule:admin_required\",\n    \"identity:create_endpoint\": \"rule:service_role\",\n    \"identity:update_endpoint\": \"!\",\n    \"identity:delete_endpoint\": \"!\",\n\n    \"identity:create_endpoint_group\": \"!\",\n    \"identity:list_endpoint_groups\": \"!\",\n    \"identity:get_endpoint_group\": \"!\",\n    \"identity:update_endpoint_group\": \"!\",\n    \"identity:delete_endpoint_group\": \"!\",\n    \"identity:list_projects_associated_with_endpoint_group\": \"!\",\n    \"identity:list_endpoints_associated_with_endpoint_group\": \"!\",\n    \"identity:get_endpoint_group_in_project\": \"!\",\n    \"identity:list_endpoint_groups_for_project\": \"!\",\n    \"identity:add_endpoint_group_to_project\": \"!\",\n    \"identity:remove_endpoint_group_from_project\": \"!\",\n\n    \"identity:check_grant\": \"rule:cloud_admin or rule:service_admin or ((role:admin or role:project_manager) and project_id:%(project_id)s)\",\n    \"identity:list_grants\": \"rule:cloud_admin or rule:service_admin or ((role:admin or role:project_manager) and project_id:%(project_id)s)\",\n    \"identity:create_grant\": \"rule:cloud_admin or (role:admin and project_id:%(project_id)s)\",\n    \"identity:revoke_grant\": \"rule:cloud_admin or (role:admin and project_id:%(project_id)s)\",\n\n    \"identity:list_system_grants_for_user\": \"!\",\n    \"identity:check_system_grant_for_user\": \"!\",\n    \"identity:create_system_grant_for_user\": \"!\",\n    \"identity:revoke_system_grant_for_user\": \"!\",\n\n    \"identity:list_system_grants_for_group\": \"!\",\n    \"identity:check_system_grant_for_group\": \"!\",\n    \"identity:create_system_grant_for_group\": \"!\",\n    \"identity:revoke_system_grant_for_group\": \"!\",\n\n    \"identity:get_group\": \"rule:admin_required\",\n    \"identity:list_groups\": \"rule:admin_required\",\n    \"identity:list_groups_for_user\": \"rule:admin_required or rule:owner\",\n    \"identity:create_group\": \"!\",\n    \"identity:update_group\": \"!\",\n    \"identity:delete_group\": \"!\",\n    \"identity:list_users_in_group\": \"rule:admin_required\",\n    \"identity:remove_user_from_group\": \"!\",\n    \"identity:check_user_in_group\": \"!\",\n    \"identity:add_user_to_group\": \"!\",\n\n    \"identity:create_identity_provider\": \"!\",\n    \"identity:list_identity_providers\": \"!\",\n    \"identity:get_identity_provider\": \"!\",\n    \"identity:update_identity_provider\": \"!\",\n    \"identity:delete_identity_provider\": \"!\",\n\n    \"identity:get_implied_role\": \"!\",\n    \"identity:list_implied_roles\": \"!\",\n    \"identity:create_implied_role\": \"!\",\n    \"identity:delete_implied_role\": \"!\",\n    \"identity:list_role_inference_rules\": \"!\",\n    \"identity:check_implied_role\": \"!\",\n\n    \"identity:get_limit_model\": \"!\",\n    \"identity:get_limit\": \"!\",\n    \"identity:list_limits\": \"!\",\n    \"identity:create_limits\": \"!\",\n    \"identity:update_limit\": \"!\",\n    \"identity:delete_limit\": \"!\",\n\n    \"identity:create_mapping\": \"!\",\n    \"identity:get_mapping\": \"!\",\n    \"identity:list_mappings\": \"!\",\n    \"identity:delete_mapping\": \"!\",\n    \"identity:update_mapping\": \"!\",\n\n    \"identity:get_policy\": \"!\",\n    \"identity:list_policies\": \"!\",\n    \"identity:create_policy\": \"!\",\n    \"identity:update_policy\": \"!\",\n    \"identity:delete_policy\": \"!\",\n\n    \"identity:create_policy_association_for_endpoint\": \"!\",\n    \"identity:check_policy_association_for_endpoint\": \"!\",\n    \"identity:delete_policy_association_for_endpoint\": \"!\",\n    \"identity:create_policy_association_for_service\": \"!\",\n    \"identity:check_policy_association_for_service\": \"!\",\n    \"identity:delete_policy_association_for_service\": \"!\",\n    \"identity:create_policy_association_for_region_and_service\": \"!\",\n    \"identity:check_policy_association_for_region_and_service\": \"!\",\n    \"identity:delete_policy_association_for_region_and_service\": \"!\",\n    \"identity:get_policy_for_endpoint\": \"!\",\n    \"identity:list_endpoints_for_policy\": \"!\",\n\n    \"identity:get_project\": \"rule:cloud_admin or project_id:%(target.project.id)s\",\n    \"identity:list_projects\": \"rule:cloud_admin or rule:service_admin\",\n    \"identity:list_user_projects\": \"rule:cloud_admin or user_id:%(user_id)s\",\n    \"identity:create_project\": \"rule:cloud_admin\",\n    \"identity:update_project\": \"rule:cloud_admin or (role:admin and project_id:%(target.project.id)s)\",\n    \"identity:delete_project\": \"rule:cloud_admin\",\n\n    \"identity:list_project_tags\": \"!\",\n    \"identity:get_project_tag\": \"!\",\n    \"identity:update_project_tags\": \"!\",\n    \"identity:create_project_tag\": \"!\",\n    \"identity:delete_project_tags\": \"!\",\n    \"identity:delete_project_tag\": \"!\",\n\n    \"identity:list_projects_for_endpoint\": \"!\",\n    \"identity:add_endpoint_to_project\": \"!\",\n    \"identity:check_endpoint_in_project\": \"!\",\n    \"identity:list_endpoints_for_project\": \"!\",\n    \"identity:remove_endpoint_from_project\": \"!\",\n\n    \"identity:create_protocol\": \"!\",\n    \"identity:update_protocol\": \"!\",\n    \"identity:get_protocol\": \"!\",\n    \"identity:list_protocols\": \"!\",\n    \"identity:delete_protocol\": \"!\",\n\n    \"identity:get_region\": \"rule:admin_required\",\n    \"identity:list_regions\": \"rule:admin_required\",\n    \"identity:create_region\": \"!\",\n    \"identity:update_region\": \"!\",\n    \"identity:delete_region\": \"!\",\n\n    \"identity:get_registered_limit\": \"!\",\n    \"identity:list_registered_limits\": \"!\",\n    \"identity:create_registered_limits\": \"!\",\n    \"identity:update_registered_limit\": \"!\",\n    \"identity:delete_registered_limit\": \"!\",\n\n    \"identity:list_revoke_events\": \"!\",\n\n    \"identity:get_role\": \"rule:admin_required\",\n    \"identity:list_roles\": \"rule:admin_required\",\n    \"identity:create_role\": \"rule:service_role\",\n    \"identity:update_role\": \"!\",\n    \"identity:delete_role\": \"!\",\n\n    \"identity:get_domain_role\": \"!\",\n    \"identity:list_domain_roles\": \"!\",\n    \"identity:create_domain_role\": \"!\",\n    \"identity:update_domain_role\": \"!\",\n    \"identity:delete_domain_role\": \"!\",\n\n    \"identity:list_role_assignments\": \"rule:cloud_admin or rule:service_admin or ((role:admin or role:project_manager) and project_id:%(scope.project.id)s)\",\n    \"identity:list_role_assignments_for_tree\": \"!\",\n\n    \"identity:get_service\": \"!\",\n    \"identity:list_services\": \"rule:admin_required\",\n    \"identity:create_service\": \"rule:service_role\",\n    \"identity:update_service\": \"!\",\n    \"identity:delete_service\": \"!\",\n\n    \"identity:create_service_provider\": \"!\",\n    \"identity:list_service_providers\": \"!\",\n    \"identity:get_service_provider\": \"!\",\n    \"identity:update_service_provider\": \"!\",\n    \"identity:delete_service_provider\": \"!\",\n\n    \"identity:revocation_list\": \"!\",\n    \"identity:check_token\": \"rule:admin_required or rule:token_subject\",\n    \"identity:validate_token\": \"rule:admin_required or rule:service_role or rule:token_subject\",\n    \"identity:revoke_token\": \"rule:admin_required or rule:token_subject\",\n\n    \"identity:create_trust\": \"!\",\n    \"identity:list_trusts\": \"!\",\n    \"identity:list_roles_for_trust\": \"!\",\n    \"identity:get_role_for_trust\": \"!\",\n    \"identity:delete_trust\": \"!\",\n    \"identity:get_trust\": \"!\",\n\n    \"identity:get_user\": \"rule:admin_required or rule:owner\",\n    \"identity:list_users\": \"rule:admin_required\",\n    \"identity:list_projects_for_user\": \"\",\n    \"identity:list_domains_for_user\": \"!\",\n    \"identity:create_user\": \"!\",\n    \"identity:update_user\": \"!\",\n    \"identity:delete_user\": \"!\"","name":"","extension":"txt","url":"https://www.irccloud.com/pastebin/q6ldi3ua","modified":1565874332,"id":"q6ldi3ua","size":8983,"lines":225,"own_paste":false,"theme":"","date":1565874332}