I'm running devstack (master from github as of 11/21/2014) with the Horizon v2 api (default) and I want to create a read-only user account/role for viewing a single tenant's resources. I'm fairly new to things, and /etc/nova/policy.json and /etc/keystone/policy.json make very little sense right now.
Has anyone created a role that permits just viewing things and no edits/updates/changes? If so, any advice on how to accomplish that?
Rocky Release of Openstack have introduced Reader role.
refer:- https://docs.openstack.org/keystone/latest/admin/service-api-protection.html