As with related bug 1422046, I'm similarly triaging this as a security hardening opportunity (class D in our taxonomy https://security.openstack.org/vmt-process.html#incident-report-taxonomy ). ** Changed in: ossa Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1514396 Title: cinder backup-list is always listing all tenants's bug for admin in V1 api Status in ospurge: Confirmed Status in OpenStack Security Advisory: Won't Fix Status in python-cinderclient: Confirmed Bug description: https://bugs.launchpad.net/python-cinderclient/+bug/1422046 has been fixed for V2 only This is a security issue cause it leads to deleting all production backups when logged as admin To manage notifications about this bug go to: https://bugs.launchpad.net/ospurge/+bug/1514396/+subscriptions