Open Stack

While debugging a token auth problem I noticed that the enforcer searches the role list in a token for a role called 'admin' (any case).  If it's present, the enforcer returns true and the acl does not set the X-Project-Id header on the request.

I was wondering what the reason for not setting project id is in this case.  I assume it is a mechanism for privilege scoping for a highly-privileged user.

Also, the name 'admin' seems like a sensible choice to denote an admin user.  Is there any other meaning behind the role name than this?

Many thanks,
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130925/1f409a5e/attachment.html>