Comment 4 for bug 1812118

> According to your scenario, the unprivileged user may not have access to the external network and subnet which are created by the admin.

this is wrong. external network is a shared network and users use it to connect their private network to the external one using the router. And of course unprivileged they can see it, otherwise they wouldn't be able to create a router with the external network.

router is created by a user and the neutron backend creates a system port inside the private network within the system scope (context.elevated() is used).

But when user tries to update the router, the user context is used and it doesn't allow to modify the system port, therefore the update fails. I pointed you to the corresponding code and suggested to use "context.elevated()". However, this suggestion has to be doulbechecked.