default policy for list domain is not cloud_admin (as Lukas mentioned) but it is also not system reader. project admin also should work - https://github.com/openstack/keystone/blob/02bbc665c415a5407e0f24ebd34433b2a64dd80f/keystone/common/policies/domain.py#L24
system reader is there as new default but as we removed the system scope form all the services then I need to make list domain (all keystone policies) to allow for system reader + project admin.
default policy for list domain is not cloud_admin (as Lukas mentioned) but it is also not system reader. project admin also should work /github. com/openstack/ keystone/ blob/02bbc665c4 15a5407e0f24ebd 34433b2a64dd80f /keystone/ common/ policies/ domain. py#L24
- https:/
system reader is there as new default but as we removed the system scope form all the services then I need to make list domain (all keystone policies) to allow for system reader + project admin.