Comment 4 for bug 2028409

default policy for list domain is not cloud_admin (as Lukas mentioned) but it is also not system reader. project admin also should work
- https://github.com/openstack/keystone/blob/02bbc665c415a5407e0f24ebd34433b2a64dd80f/keystone/common/policies/domain.py#L24

system reader is there as new default but as we removed the system scope form all the services then I need to make list domain (all keystone policies) to allow for system reader + project admin.