Comment 1 for bug 1732502

Kristi Nikolla (knikolla) wrote :

I was unable to reproduce on the latest release (Pike). Created a new user and added the 'admin' role for it for domain default. I then got a domain scoped token and with that I was able to list all projects, projects on the domain, and projects on other domains. Looks like since moving to policy in code in Pike we default to the 'ADMIN_REQUIRED' rule for listing projects, so it doesn't matter what you are scoped to as long as you have the admin role[0].

I then updated the policy.json to match yours. I was able to list the user's projects and the projects in the domain I was scoped to, but not in other domains[1]. This was again in Pike. I don't have a Newton or Ocata environment in hand right now, but I would recommend that you update, since Newton is now EOL and unsupported[2].

[0]. https://github.com/openstack/keystone/blob/stable/pike/keystone/common/policies/project.py#L24-L29
[1]. http://paste.openstack.org/show/626534/
[2]. https://releases.openstack.org
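
The difference between the two results in the comment above, as an added example that is not part of the original comment and is not keystone or oslo.policy code. It assumes a simplified rule evaluator and a hypothetical domain-scoped override (`DOMAIN_SCOPED`); the reporter's actual policy.json is not shown on this page, and the credentials are constructed.

```python
# Simplified stand-in for policy rule evaluation (not oslo.policy itself).
# Supports only "a or b", "a and b" (and binds tighter), role:, rule:
# and kind:value checks, which is enough to show why scope is ignored.

# Pike in-code default: listing projects only needs the admin role.
DEFAULT_PIKE = {
    "admin_required": "role:admin or is_admin:1",
    "identity:list_projects": "rule:admin_required",
}

# Assumed override that also requires the token's domain to match the
# domain being listed. NOT the reporter's policy.json.
DOMAIN_SCOPED = {
    "admin_required": "role:admin or is_admin:1",
    "identity:list_projects": "rule:admin_required and domain_id:%(domain_id)s",
}

def check(atom, rules, creds, target):
    kind, _, match = atom.partition(":")
    if kind == "rule":
        return enforce(match, rules, creds, target)
    if kind == "role":
        return match in creds.get("roles", [])
    try:
        wanted = match % target  # substitute %(key)s from the request target
    except KeyError:
        return False             # target lacks the attribute: deny
    return kind in creds and str(creds[kind]) == wanted

def enforce(rule, rules, creds, target):
    if rule not in rules:
        return False             # unknown rule: deny
    return any(
        all(check(a.strip(), rules, creds, target) for a in clause.split(" and "))
        for clause in rules[rule].split(" or ")
    )

# Constructed credentials: 'admin' role, token scoped to domain "default".
DOMAIN_ADMIN = {"roles": ["admin"], "domain_id": "default"}

def can_list(rules, creds, filter_domain):
    """Would listing projects in filter_domain be authorized?"""
    return enforce("identity:list_projects", rules, creds,
                   {"domain_id": filter_domain})
```

Under `DEFAULT_PIKE` the token's scope never enters the decision, so an admin role granted on one domain authorizes listing projects in every domain; only the override ties the check to the scoped domain.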