We've recently come to accept reader as one of the default roles. However, one thing that is not clear to me is the intention: is this designed to be the readonly set of operations that an admin can do, or the read only set of operations that a member can do? Should we really have two read-only roles, one for each case? Perhaps the admin-read-only should be called auditor, and then reader is for member only operations? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20181212/43585113/attachment-0001.html>