Ask Your Question

horizon openstack.roles with domains

asked 2018-03-07 10:00:57 -0600

okdan gravatar image


I need to implement a panel in Horizon Newton we use domains for our users/roles, since we sync users from an Active Directory server.

Checking permissions in a panel is quite straightforward within the "Default" domain, like the documentation states:

  • permissions = ('openstack.roles.admin')

I tried "openstack.roles.domain.admin", "openstack.roles.admin.domain" and "openstack.roles.admin@domain", but none of those worked to check for permissions in another domain.

How to check for permissions with users outside the default domain?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2018-03-14 10:06:02 -0600

okdan gravatar image

Turned out it's easier to just "add roles" without specifying domains. You can however use those "generic" roles in other domains - that way you can check permissions.

Don't forgot to log out/log in when applying roles / checking for roles, even though Horizon queries the API, it does cache certain things i.e. token requests, and it check for new roles!

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-03-07 09:34:07 -0600

Seen: 118 times

Last updated: Mar 14 '18