Hi, maybe you need to look into /etc/heat/policy.json - maybe you run into https://bugs.launchpad.net/openstack-ansible/+bug/1428451 or similar BR, Konstantin From: Brent Troge [mailto:brenttroge2016 at gmail.com] Sent: Sunday, August 14, 2016 10:06 PM To: openstack at lists.openstack.org Subject: [Openstack] nova/neutron vs heat - run as regular user As 'joeuser' in tenant/project 'joetenant' I can create a 'direct' neutron port and boot a nova instance with the just created port. The neutron network is owned by 'joetenant' However, using the same user/tenant when I create another instance with the same resource types using heat, stack creation fails with 'forbidden' I am guessing that 'joeuser' needs to be added to a special heat group?? or the heat user needs to be added to the joetenant user. Any suggestions ? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160816/2ccc948e/attachment.html>