1 files changed, 12 insertions, 12 deletions

diff --git a/nova/policies/server_metadata.py b/nova/policies/server_metadata.py
index 198e6e4643..f136df8439 100644
--- a/nova/policies/server_metadata.py
+++ b/nova/policies/server_metadata.py
@@ -24,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:server-metadata:%s'
 server_metadata_policies = [
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'index',
-        check_str=base.PROJECT_READER_OR_SYSTEM_READER,
+        check_str=base.PROJECT_READER_OR_ADMIN,
         description="List all metadata of a server",
         operations=[
             {
@@ -32,11 +32,11 @@ server_metadata_policies = [
                 'method': 'GET'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'show',
-        check_str=base.PROJECT_READER_OR_SYSTEM_READER,
+        check_str=base.PROJECT_READER_OR_ADMIN,
         description="Show metadata for a server",
         operations=[
             {
@@ -44,11 +44,11 @@ server_metadata_policies = [
                 'method': 'GET'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'create',
-        check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+        check_str=base.PROJECT_MEMBER_OR_ADMIN,
         description="Create metadata for a server",
         operations=[
             {
@@ -56,11 +56,11 @@ server_metadata_policies = [
                 'method': 'POST'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'update_all',
-        check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+        check_str=base.PROJECT_MEMBER_OR_ADMIN,
         description="Replace metadata for a server",
         operations=[
             {
@@ -68,11 +68,11 @@ server_metadata_policies = [
                 'method': 'PUT'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'update',
-        check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+        check_str=base.PROJECT_MEMBER_OR_ADMIN,
         description="Update metadata from a server",
         operations=[
             {
@@ -80,11 +80,11 @@ server_metadata_policies = [
                 'method': 'PUT'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
     policy.DocumentedRuleDefault(
         name=POLICY_ROOT % 'delete',
-        check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,
+        check_str=base.PROJECT_MEMBER_OR_ADMIN,
         description="Delete metadata from a server",
         operations=[
             {
@@ -92,7 +92,7 @@ server_metadata_policies = [
                 'method': 'DELETE'
             }
         ],
-        scope_types=['system', 'project']
+        scope_types=['project']
     ),
 ]