OpenStack Dashboard (Horizon)

UI actions controlled by RBAC defined by services

Registered by Lin Hua Cheng on 2012-07-06

This blueprint has been superseded. See the newer blueprint "Enforce RBAC From Service Policy Engines" for updated plans.

++++EDIT++++
Horizon should not be defining permissions itself; instead those decisions should be enforced by the policy engines of the individual services (current plan is to have those roll up through Keystone). Once keystone supports retrieving this data in the V3 API Horizon should move to this model ASAP.

+++ORIGINAL++++
Provide a configurable policy that control whether certain actions are displayed on the screen based on the privilege of the user. Leverage the Brain as the policy engine. The key in the policy would be the "dashboard:panel:action". For example: syspanel:users:edit. Each actions will check the policy.json if the action is available for the user or not.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: None

Definition:: Superseded

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Gabriel Hurley on 2012-07-10

Related branches

Related bugs

Sprints

Whiteboard

This is effectively a duplicate of the ext-roles blueprint. I've marked it as superceded and updated the text of that blueprint to reflect the current state of OpenStack.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.