When users / clients without an admin token make this call:
https://github.com/openstack/python-designateclient/blob/master/designateclient/v1/quotas.py#L26
It eventually fails in the central log with a message that looks like:
2015-06-05 15:58:37.071 24238 INFO designate.policy [req-66dd0126-890b-413c-8133-dfe9cfae08e0 f3b9d089c4034398874e9fcf1a48fa97 dbc2e327b3204978b7a3292f6b7f15ec - - -] Policy check succeeded for rule 'get_quotas' on target {'tenant_id': u'dbc2e327b3204978b7a3292f6b7f15ec'}
2015-06-05 15:58:37.073 24238 INFO designate.policy [req-66dd0126-890b-413c-8133-dfe9cfae08e0 f3b9d089c4034398874e9fcf1a48fa97 dbc2e327b3204978b7a3292f6b7f15ec - - -] Policy check failed for rule 'all_tenants' on target {}
This makes quotas kind of useless, if the only people that can read them are admins (which would be the same users that can change them).
https:/ /review. openstack. org/195368