Comment 2 for bug 1804227

More information

If a regular user want to add a security group to a server after admin added a common (hidden) security group to the server, the regular user no longer calls "openstack server add security group". This looks confusing. See the line of the link: http://paste.openstack.org/show/735989/

In addition, (common? hidden?) security groups assigned by admin can be cleared easily.
"openstack port set --no-security-group 5d2b8ff7-1a92-4b57-972a-6c9402f9a083" does it. This is the intended behavior in the neutron API. http://paste.openstack.org/show/735990/

My general suggestion is not to depend on this behavior.