Comment by fefernandez@dit.upm.es :
Dear Simon,
Thank you for writing. As my colleague Álvaro Alonso stated in a previous
message, two actions should be taken if you are to disable the possibility
of getting "other organizations" to users.
1. In order not to render the "Other organizations tab", all you need to
do is *remove the *OtherOrganizationsTab from the tabs tuple of the
Organizations Tab Group. The module that needs to be modified is inside
horizon/openstack_dashboards/dashboards/idm/organizations. You can find
where the exact line is in this link
<https://github.com/ging/horizon/blob/master/openstack_dashboard/dashboards/idm/organizations/tabs.py#L120>.
The tuple should look like this:
tabs = (OwnedOrganizationsTab, MemberOrganizationsTab)
This way, only owned organizations or those that the user is member of
will be rendered, and they will have no access to the rest of them.
2. If you want also to reject requests to the get_project Keystone API
endpoint (which I recommend if you really want to reject access, not only
via the web interface but also via the API), you have to change the
policy.json file. This file is placed inside the etc folder (take a look
at this link
<https://github.com/ging/keystone/blob/master/etc/policy.json#L44>). You
should change the "identity:get_project" and the "identity:list_projects"
policies to suit your needs.
Hope this works for you. Please, come back to us if we can be of further
help.
Sincerely,
Federico Fernández
2016-10-06 16:48 GMT+02:00 Simon Vos <s.vos@itude.com>:
> Hello Federico,
>
> Thank you for helping us on this issue, so we can move forward.
> Als listed below by BR of the JIRA Help Desk, you should be able to inform
> us in more details on this issue.
> What changes should we make to disable the possibility of getting
> organizations to users that are not owners/authorized?
> Many thanks.
>
>
> Kind Regards,
>
> Simon Vos
>
>
>
> Arthur van Schendelstraat 650
> 3511 MJ Utrecht
> ■ *mob *+31(0) 6 21 49 93 82
> ■ tel receptie +31(0)30 699 70 20
> ■ mail s.vos@itude.com
> ■ *linkedIn *linkedin.com/in/simonvos
>
>
> www.itude.com ■ K.v.K. 30146090
>
Comment by fefernandez@dit.upm.es :
Dear Simon,
We're so happy to see that the guidelines worked for your use case. Please
don't hesitate to contact us in the future if we can be of further help.
Sincerely,
Federico Fernández
2016-10-14 9:56 GMT+02:00 Simon Vos <s.vos@itude.com>:
> Dear Federico,
>
> We have analyzed the implementing guidelines for hinding the organizations
> for other users.
> We implemented this and it works fine for us.
> Many thanks.
>
> Kind Regards,
>
> Simon Vos
>
>
>
> Arthur van Schendelstraat 650
> 3511 MJ Utrecht
> ■ *mob *+31(0) 6 21 49 93 82
> ■ tel receptie +31(0)30 699 70 20
> ■ mail s.vos@itude.com
> ■ *linkedIn *linkedin.com/in/simonvos
>
>
> www.itude.com ■ K.v.K. 30146090
>