[glance][horizon][ops] Dashboard show Forbidden 403 but openstack cli works fine

Amjad Kotobi kotobi at dkrz.de
Fri Aug 21 07:54:49 UTC 2020


We are running Train release, currently facing below error when change to “Images” panel on the project which I have “User” role. The image is visibility is public. 

Error: Forbidden. Insufficient permissions of the requested operation
Error: Unable to retrieve the project. 

By using openstack-cli everything works and I do not face “Forbidden” 403, but in dashboard “access.log” it shows 

"GET /dashboard/api/keystone/projects/7331defd55ef479fbf0a9a1ac3fe9055 HTTP/1.1” 403 http://xxxxxx/dashboard/project/images”

I checked:

1. glance: policy.json from both dashboard and api/registry hosts are same.
2. From dashboard API images is 2

As soon as I change the OWNER of image to the project which my role = USER the error disappears.

Any ideas or previous encounter similar to this issue?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200821/61a3971f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5223 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200821/61a3971f/attachment.bin>

More information about the openstack-discuss mailing list