As far as I know this isn't a new change. I think of it like a fix to a security bug. If a user is able to edit their own default project ID we need to make sure they have a role on it right? Otherwise I could update my user with someone else's project id to gain access.
Part of the redesign around v3 was to make it a richer interface by making it possible to have a more granular policy. We wanted the ability to delegate tasks down the admin chain. Allow a domain admin to create projects in a domain, allow a user to edit their own data, etc. This leaves the cloud admin (cloud operators) out of day-to-day user tasks.
As far as I know this isn't a new change. I think of it like a fix to a security bug. If a user is able to edit their own default project ID we need to make sure they have a role on it right? Otherwise I could update my user with someone else's project id to gain access.
Part of the redesign around v3 was to make it a richer interface by making it possible to have a more granular policy. We wanted the ability to delegate tasks down the admin chain. Allow a domain admin to create projects in a domain, allow a user to edit their own data, etc. This leaves the cloud admin (cloud operators) out of day-to-day user tasks.