I have been installing Openstack Dalmation 2024.2 on Debian Bookworm. I've noticed when creating an user on default domain on a demo project, and run 'openstack role add --project demo --user myuser admin', this user will have the whole system-wide admin rights thereafter. Is this intended? Documentation[1].  claims that an admin could have project-wide scope only. Is there some underlying assumption that I create myself the project_admin, domain_admin, domain_manager, project_manager roles and modify policies in keystone, and this would be the reason why the scopes do not work? Same issues seem to be touching the "manager" role, of which I already opened a bug report. Best, Jani [1.] https://docs.openstack.org/keystone/latest/admin/service-api-protection.html Berner Fachhochschule / Bern University of Applied Sciences IT-Services / Team Linux & Infrastructure Services Jani Heikkinen IT Linux Engineer ___________________________________________________________ Dammweg 3, CH-3013 Bern Telefon direkt +41 31 848 68 14 Telefon Servicedesk +41 31 848 48 48 jani.heikkinen@bfh.ch