Comment 1 for bug 1418156

For example, in the following code from designate/central/service.py.

Line number 2 (get_domain) will return no domain for 'admin' tenant, as the current
tenant_id in the 'context' is admin tenant id, but the domain might be owned by some other
tenant who might not be an admin.

================================================================================
1.def create_recordset(self, context, domain_id, values):

2. domain = self.storage_api.get_domain(context, domain_id)

 3. target = {
            'domain_id': domain_id,
            'domain_name': domain['name'],
            'recordset_name': values['name'],
            'tenant_id': domain['tenant_id'],
           }

4. policy.check('create_recordset', context, target)

......
=================================================================