Comment 2 for bug 1970932

Implementation of a consistent role-based access control model is still not complete across all OpenStack services, and was even less so when Ussuri and Wallaby were released. You can read the community goal here for details:

https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html

There are almost certainly existing bug reports we could mark this as a duplicate of, but I'll wait for one of the Keystone developers to confirm before switching it to public.