After looking back into the code, I remembered why we made it work this way. The Admin dashboard is for users who can perform admin operations across services. Only Keystone understands domains, so for a user to have access to all things the Admin dashboard lets them do, the user needs to be a cloud admin from a Keystone perspective *and* have the admin role on the project they're scoped to. So if both of those conditions aren't met, we hide the admin dashboard.
To give people a fighting chance at figuring this out, I added a new "Cloud Admin Confusion" section to my blog post (might take a few hours to reflect the update publicly):
After looking back into the code, I remembered why we made it work this way. The Admin dashboard is for users who can perform admin operations across services. Only Keystone understands domains, so for a user to have access to all things the Admin dashboard lets them do, the user needs to be a cloud admin from a Keystone perspective *and* have the admin role on the project they're scoped to. So if both of those conditions aren't met, we hide the admin dashboard.
To give people a fighting chance at figuring this out, I added a new "Cloud Admin Confusion" section to my blog post (might take a few hours to reflect the update publicly):
https:/ /www-secure. symantec. com/connect/ blogs/domain- support- horizon- here
In summary, yes, this is confusing, but we had to do it this way because.. OpenStack.
I'll invalidate this bug, but let me know if there are any questions.