yahoo-eng-team team mailing list archive

[Kenji Ishii <ken-ishii@xxxxxxxxxxxxx>]

Public bug reported:

In Mitaka, horizon supported domain scoped token[1].
When we use it, we can operate within specified domain scope.
However, if a user have admin role, Admin panel will display.
Information in Admin panel is not only current domain but also all domain.
Therefore, a user who are not operator(cloud admin) is also able to see other domain's info.
In addition, many operation which is allowed by 'admin' can be done by its user.
Originally, other components also should be addressed about keystone v3 model. But now it is not.

[1] https://review.openstack.org/#/c/148082/

** Affects: horizon
     Importance: Undecided
     Assignee: Kenji Ishii (ken-ishii)
         Status: New

** Changed in: horizon
     Assignee: (unassigned) => Kenji Ishii (ken-ishii)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1598047

Title:
  Admin panel should be displayed only Cloud admin

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  In Mitaka, horizon supported domain scoped token[1].
  When we use it, we can operate within specified domain scope.
  However, if a user have admin role, Admin panel will display.
  Information in Admin panel is not only current domain but also all domain.
  Therefore, a user who are not operator(cloud admin) is also able to see other domain's info.
  In addition, many operation which is allowed by 'admin' can be done by its user.
  Originally, other components also should be addressed about keystone v3 model. But now it is not.

  [1] https://review.openstack.org/#/c/148082/

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1598047/+subscriptions