It is fixed by https://review.opendev.org/c/openstack/horizon/+/774922
** Changed in: horizon Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1915308 Title: security group table doesn't observe Neutron policy settings Status in OpenStack Dashboard (Horizon): Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: The security group panel enables all actions (create/edit/delete/manage rules/etc.) regardless of the network policy.yaml settings or user account. In the code there's this telling readme: # TODO(amotoki): [drop-nova-network] Add neutron policy support In my deployment this is a bit alarming -- users who are intended to be read-only are nonetheless invited to delete things. Of course the Neutron backend /does/ observe the policy so this is ugly but not usually an actual security risk unless people have different back-end and front-end policy files. I'm flagging as security-related nonetheless for the odd edge case where it poses a risk. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1915308/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp