Ask Your Question

Horizon role based access control with custom roles

asked 2015-09-22 17:25:39 -0600

davidc gravatar image

I'm working on customizing horizon such that there exist custom "pseudo admin" roles in Keystone, that is to say, within Horizon, these custom roles can do some things an admin user can do, but not everything. For example, I want to expose a link within the Admin panel on Horizon side bar to one of these pseudo admin roles but still hide it from all other roles.

A potential solution I came up with was to add this custom role to the admin roles permission. What I mean by that is admin by default has two permissions - openstack.roles._member_ and openstack.roles.admin, so I want to add the permission openstack.roles.mypseudoadmin to admin role, then tag the Admin panel with that permission. That way it will be exposed to and accessible through both the pseudo admin, and admin roles.

Is there a way, through Keystone or Horizon, to add to these permissions for a given role? Or is there a better approach to this?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2018-03-07 09:27:12 -0600

okdan gravatar image

Old question...I stumbled upon it when searching for my own question. Just add new roles with the Openstack CLI:

  • openstack role create mypseudoadmin

Then, in your panel code add:

  • permissions = ('openstack.roles.member, openstack.roles.admin, openstack.roles.mypseudoadmin')
edit flag offensive delete link more


Don't forget to log out, log in to Horizon! It does cache certain things, i.e. tokens even though it's an API. (I thought it could be done on the fly)

okdan gravatar imageokdan ( 2018-03-14 10:05:31 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-09-22 17:25:39 -0600

Seen: 864 times

Last updated: Sep 22 '15