[horizon][keystone][dev] Cross-domain administrators and context-switching

Robert Donovan rob at cleansafecloud.com
Tue Jan 15 13:57:33 UTC 2019


We run a cloud service with multiple domains (one per tenant) and offer services on top which can, amongst other things, involve administrators creating instances, snapshots etc. on behalf of those tenants. My understanding is that, in order to achieve this with Horizon, we currently have to create a separate admin user in each domain with a role that allows those abilities. The administrator then needs to log into that domain using the new user to perform the required actions.

Firstly, is that assumption correct? Or is it possible to use the same user credentials across domain boundaries?

Secondly, have there ever been discussions around the “Set Domain Context” function having a wider effect to scope the whole dashboard to that particular domain, including the project panels? Are there potential issues with this as a proposal?

