From e5d5241b33486aff6bfe3071758ce12c2ae9616f Mon Sep 17 00:00:00 2001
From: Ernesto Puerta <epuertat@redhat.com>
Date: Fri, 16 Nov 2018 19:04:34 +0100
Subject: [PATCH] mgr/dashboard: Fix Forbidden Error with some roles

Fixes: http://tracker.ceph.com/issues/37293

Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
---
 src/pybind/mgr/dashboard/services/access_control.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
index 43babfb3999..7aa33962a23 100644
--- a/src/pybind/mgr/dashboard/services/access_control.py
+++ b/src/pybind/mgr/dashboard/services/access_control.py
@@ -115,6 +115,7 @@ BLOCK_MGR_ROLE = Role('block-manager', 'Block Manager', {
 # RadosGW manager role provides all permissions for block related scopes
 RGW_MGR_ROLE = Role('rgw-manager', 'RGW Manager', {
     Scope.RGW: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
+    Scope.CONFIG_OPT: [_P.READ],
 })
 
 
@@ -133,11 +134,13 @@ CLUSTER_MGR_ROLE = Role('cluster-manager', 'Cluster Manager', {
 # Pool manager role provides all permissions for pool related scopes
 POOL_MGR_ROLE = Role('pool-manager', 'Pool Manager', {
     Scope.POOL: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
+    Scope.CONFIG_OPT: [_P.READ],
 })
 
 # Pool manager role provides all permissions for CephFS related scopes
 CEPHFS_MGR_ROLE = Role('cephfs-manager', 'CephFS Manager', {
     Scope.CEPHFS: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
+    Scope.CONFIG_OPT: [_P.READ],
 })
 
 
-- 
2.39.5