Comment 4 for bug 1466694

Our default policy.json doesn't make assumptions about the privilege of the admin role. Operators are expected to customise their /etc/heat/policy.json to meet their needs.

Can you start with a customised policy.json with appropriate rule:context_is_admin then raise specific bugs for operations that you can't perform?

Also you should get some advice from the rackspace heat team (like Randall Burt) who need to perform similar actions.