Horizon shows me buttons that look dangerous as a regular Toolforge user (member of the tools project). These buttons include:
Ability to manage security groups:
Ability to manage hiera/puppet config:
Ability to manage server groups:
Ability to manage Cinder volumes:
According to @aborrero permissions for these actions should be checked somewhere else too but it's still worth to double check so I'm filing this task. I haven't tested if I can actually perform these actions.