Guys I see the cinderclient tool allows a non-privileged user the ability to list endpoints for all services. Is there any reason not to update the cinder policy file to disable this behavior , and, can anyone tell me the policy that would need (adding) updating. I see no obvious policy in policy.json and the logs are not helpful. Many Thanks Mike. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140915/69d9ee5c/attachment.html>