Comment 4 for bug 1168488

Brant Knudson (blk-u) wrote :

The review of the proposed change here https://review.openstack.org/26972 got some great comments, and it looks like the community would rather have the correct full change rather than the strategic one proposed.

From the comments on the review, it looks like the changes identified are:
1) Change the database function so that it doesn't require admin, then don't need to elevate context, but do need to do an audit to make sure not opening up a security hole.
2) Do more fine-grained policy checking for hosts, hypervisors, and whatever else could use this fix.
(tip: There's already a method for achieving that with an extra kwarg to the authorizer that most policies are using, like https://github.com/openstack/nova/blob/stable/grizzly/nova/api/openstack/compute/contrib/flavorextraspecs.py#L65.)

Maybe this work should be done as a blueprint rather than a bug.

I'm going to remove myself as the assignee, since I'm not currently working on it. I may make some time in the Havana timeframe, but marking it as available if someone else wants to take it on.

I'm going to abandon the other reviews.