Public bug reported: In Mitaka, horizon supported domain scoped token[1]. When we use it, we can operate within specified domain scope. However, if a user have admin role, Admin panel will display. Information in Admin panel is not only current domain but also all domain. Therefore, a user who are not operator(cloud admin) is also able to see other domain's info. In addition, many operation which is allowed by 'admin' can be done by its user. Originally, other components also should be addressed about keystone v3 model. But now it is not.
[1] https://review.openstack.org/#/c/148082/ ** Affects: horizon Importance: Undecided Assignee: Kenji Ishii (ken-ishii) Status: New ** Changed in: horizon Assignee: (unassigned) => Kenji Ishii (ken-ishii) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1598047 Title: Admin panel should be displayed only Cloud admin Status in OpenStack Dashboard (Horizon): New Bug description: In Mitaka, horizon supported domain scoped token[1]. When we use it, we can operate within specified domain scope. However, if a user have admin role, Admin panel will display. Information in Admin panel is not only current domain but also all domain. Therefore, a user who are not operator(cloud admin) is also able to see other domain's info. In addition, many operation which is allowed by 'admin' can be done by its user. Originally, other components also should be addressed about keystone v3 model. But now it is not. [1] https://review.openstack.org/#/c/148082/ To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1598047/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
