[Cinder] SystemReader & all_tenants filter issue
Hey Cinder team,

We're running into a problem where our SystemReader role can't use the all_tenants filter when listing Cinder volumes (e.g., via `openstack volume list --all-projects`). The filter is getting stripped at the API layer here <https://github.com/openstack/cinder/blob/stable/2024.1/cinder/volume/api.py#L667-L674>.

This is a blocker for auditability and integrating with third-party CMDB systems, as granting full admin access for these tools isn't a secure option.

We’ve seen similar functionality handled in other services like Nova (e.g., `os_compute_api:servers:index:get_all_tenants` for SystemReader), as well as in Keystone and Neutron via policy tuning.

Is there a particular reason this pattern hasn’t been implemented yet in Cinder? And would it make sense to consider making this configurable via the `volume:get_all_tenants_filter` policy rule?

Appreciate any insights!

Best regards,
Serhii K.
participants (1)
-
skryhin@godaddy.com