Comment 2 for bug 1296953

I would like to seek the opinion from other developers/Core-Developers about the comments from enikanorov on the patch - https://review.openstack.org/#/c/85682/

I agree that from a Security POV giving away information is not a good idea - more so when dealing with login servers/authentication. Here in this bug, IMHO we are providing relevant information when there is a policy violation.
The user is an authenticated user and the error code is to inform that a particular operation is not permitted.

Please feel free to agree/dis-agree or correct me on this. Thank you.