Ask Your Question
0

horizon openstack.roles with domains

asked 2018-03-07 10:00:57 -0500

okdan gravatar image

Hi,

I need to implement a panel in Horizon Newton we use domains for our users/roles, since we sync users from an Active Directory server.

Checking permissions in a panel is quite straightforward within the "Default" domain, like the documentation states:

  • permissions = ('openstack.roles.admin')

I tried "openstack.roles.domain.admin", "openstack.roles.admin.domain" and "openstack.roles.admin@domain", but none of those worked to check for permissions in another domain.

How to check for permissions with users outside the default domain?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2018-03-14 10:06:02 -0500

okdan gravatar image

Turned out it's easier to just "add roles" without specifying domains. You can however use those "generic" roles in other domains - that way you can check permissions.

Don't forgot to log out/log in when applying roles / checking for roles, even though Horizon queries the API, it does cache certain things i.e. token requests, and it check for new roles!

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-03-07 09:34:07 -0500

Seen: 58 times

Last updated: Mar 14 '18