I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors).
I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors).
Anna has no permission on project B.
Ben has no permission on project A.
Anna creates a private flavor 'A_private', gives flavor access to project A.
Expected behaviour: only Anna (or any other nova admin in project A) can perform actions on this flavor.
Issue: Ben can perform all sort of actions on the private flavor 'A_private' (read, delete, manage access, manage extra specs).
I have project A with user Anna, who has a role representing nova admin assigned (needed to allow creation of private flavors).
I have project B with user Ben, who has a role representing nova admin assigned (needed to allow creation of private flavors).
Anna has no permission on project B.
Ben has no permission on project A.
Anna creates a private flavor 'A_private', gives flavor access to project A.
Expected behaviour: only Anna (or any other nova admin in project A) can perform actions on this flavor.
Issue: Ben can perform all sort of actions on the private flavor 'A_private' (read, delete, manage access, manage extra specs).