Merge pull request #26 from linggao/issue25

Issue 25 - non-root user cannot list a specific org level secret
open-horizon · Aug 19, 2021 · e5e86e8 · e5e86e8
2 parents 89b3f7a + e743602
commit e5e86e8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/plugin/policy.go b/plugin/policy.go
@@ -19,7 +19,7 @@ const ADMIN_ORG_WIDE_POLICY2 = `path "openhorizon/metadata/%s/*" {capabilities =
 // Regular openhorizon users will have these ACL policies attached.
 // note: USER_PRIVATE_DENY_POLICY1 is also given to admins to prevent them from being able to read 
 // other user's private secrets
-const NON_ADMIN_ORG_WIDE_POLICY = `path "openhorizon/metadata/%s/*" {capabilities = ["list"]}`
+const NON_ADMIN_ORG_WIDE_POLICY = `path "openhorizon/metadata/%s/*" {capabilities = ["list", "read"]}`
 const USER_PRIVATE_DENY_POLICY1 = `path "openhorizon/data/%s/user/*" {capabilities = ["deny"]}`
 const USER_PRIVATE_DENY_POLICY2 = `path "openhorizon/metadata/%s/user/*" {capabilities = ["deny"]}`