Comment 2 for bug 1290895

Eugene,

I believe Neutron has four different authorization levels. Create, Read, Update and Delete.

Lets say a role of 'deployer' has Read auth to Networks and Subnets, and then CRUD operations to Ports. If they try to run an operation against a Network such as Update, Neutron states the resource is not found.

I would agree with your assessment if the users had no access to the object. However, what about the scenarios where they have some degree of access (typically read) to the object, but the action they are running against that object is not allowed?

Maybe something where, if the user running the action does has Read auth, but not Create/Update/Delete auth, we provide a different message rather than Resource Not Found when the user tries to run those un-authorized operations?

Thoughts?