[kolla] [train] [cinder] Volume multiattach exposed to non-admin users via API

Albert Braden ozzzo at yahoo.com
Wed Feb 22 17:12:35 UTC 2023


According to this document [1], multiattach volumes can only be set up if explicitly allowed by creating a “multiattach” volume type.

“Starting from the Queens release the ability to attach a volume to multiple hosts/servers requires that the volume is of a special type that includes an extra-spec capability setting of multiattach=<is> True… Creating a new volume type is an admin-only operation by default.”

One of our customers appears to have used Terraform to create a volume with the multiattach flag set and it worked, and that volume has multiple attachments. When I look here [2] it appears that the default is:

#"volume:multiattach": "rule:xena_system_admin_or_project_member"

So it looks like, by default, any project member can create a multiattach volume. What am I missing?

[1]: https://docs.openstack.org/cinder/latest/admin/volume-multiattach.html
[2]: https://docs.openstack.org/cinder/latest/configuration/block-storage/samples/policy.yaml.html#policy-file


