Comment 26 for bug 1539351

Alvaro Lopez (aloga) wrote :

To be honest, I think this should be fixed. OpenStack has completely removed the possibility for an operator to implement authorization to do some operations based on the user_id of the target instance.

First of all, this changes the behavior with the previous version of the API, and the behavioral change was completely undocumented. Sites relying on it now find their policy completely broken.

Secondly, IMO operators should have a way to define how they want their clouds to be accessed and managed and OpenStack should not impose a concrete usage model, assuming that this model will fit everybody. Why have we assumed that in every single case the resources are owned by the tenant? IMO this is a simplistic approach, and I do see several use cases where this particular AuthZ granularity is needed and required.

The policy discoverability (https://review.openstack.org/#/c/289405/) and the embedded defaults (https://review.openstack.org/#/c/290155/) are useful, but if we have removed the user-based permission restriction they are useless in the context of this bug.