# default rules
# https://docs.openstack.org/neutron/yoga/configuration/policy.html

context_is_tenantLead: role:tenantLead and project_id:%(project_id)s

update_port:port_security_enabled: rule:context_is_advsvc or rule:network_owner or role:admin and project_id:%(project_id)s or rule:context_is_tenantLead
update_port:binding:profile: role:admin and project_id:%(project_id)s or rule:context_is_tenantLead