[Keystone] Confusion about the admin role

韩光宇 hanguangyu2 at gmail.com
Tue Nov 8 08:48:47 UTC 2022


Hi,

I'd like to ask some questions about the admin role.

When I grant the admin role to a user in a project, that user can also
get the admin role for other projects in the same domain.
If I do the following:
```shell
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser
openstack role add --project myproject --user myuser admin
```
Then, the myuser user has the permission to grant himself the admin
role of another project in the same domain.

I used to understand that 'openstack role add --project myproject
--user myuser admin' simply granted myuser the admin role within the
myproject project, but now I find that this is equivalent to having
the admin role for the entire domain.

Can I ask what the design idea is here, or whether what I think is wrong?

Thanks,
Han Guangyu


