Comment 1 for bug 1624834

The last policy.json in the heat repository is defined as follows:

  "context_is_admin": "role:admin and is_admin_project:True",
  "service:index": "rule:context_is_admin",

This problem cannot be solved simply by copying policy.json from heat project.

is_admin_project attribute is defined by oslo_context in most project.
(commit d3af1d06b4046c25c199bf1c389a9e440a634bc6 in oslo_context repo).
However, horizon (openstack_auth) has a different implementation.
"is_admin_project" support needs to be added.