User with reader role can perform similar operation as other roles

Bug #2072639 reported by Hemant
This bug affects 1 person
Affects: OpenStack Identity (keystone) | Status: New | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

Openstack Release: Zed (openstack deployed using openstack-helm)
OS: Ubuntu 22.04.2 LTS (Jammy)

The reader role in OpenStack can perform all the same operations as the member role. It looks like it has the same permissions as the member role.

I assigned the reader role to a newly created user on a project that also had a user with the member role. I created an instance with the member-role user and then tried to delete it with the reader-role user, which succeeded. This is not only for instances: the reader role can also modify other OpenStack resources, such as networks, volumes, etc.

The reader role should only have limited access, just to monitor resources. It should not be able to modify them.

I have also tried adding [oslo_policy] enforce_new_defaults = True to nova.conf, but it did not help. I also tried adding it to keystone.conf, but then I was not able to perform any operation at all in Horizon. For example, if I clicked "Launch Instance", Horizon logged me out. I also noticed that I was getting a "You are not authorized to perform this operation" error. In this case I was logged in as an admin.

I have attached nova policy file for reference.

Is there any specific policy configuration needed, or some change in the code of nova and keystone?

Revision history for this message
Hemant (hemantsonawane95) wrote :
description: updated