Ask Your Question

davidc's profile - activity

2016-03-24 11:23:07 -0500 received badge  Famous Question (source)
2016-02-16 04:56:27 -0500 received badge  Popular Question (source)
2016-02-16 04:56:27 -0500 received badge  Notable Question (source)
2015-09-22 23:28:31 -0500 asked a question Horizon role based access control with custom roles

I'm working on customizing horizon such that there exist custom "pseudo admin" roles in Keystone, that is to say, within Horizon, these custom roles can do some things an admin user can do, but not everything. For example, I want to expose a link within the Admin panel on Horizon side bar to one of these pseudo admin roles but still hide it from all other roles.

A potential solution I came up with was to add this custom role to the admin roles permission. What I mean by that is admin by default has two permissions - openstack.roles._member_ and openstack.roles.admin, so I want to add the permission openstack.roles.mypseudoadmin to admin role, then tag the Admin panel with that permission. That way it will be exposed to and accessible through both the pseudo admin, and admin roles.

Is there a way, through Keystone or Horizon, to add to these permissions for a given role? Or is there a better approach to this?