Hello all, I have a multi domain setup with Mitaka and it’s all good, I have then created a new env with Ocata and have applied several changes to the policy.json in order to match what I have in the Mitaka version. However, when I have a domain admin, he can do all the steps he can in Mitaka but cannot create users for the new subdomain or the domain he is managing. here is the code for the policy.json Thanks http://pastebin.mattei.co/index.php/view/99f23c8f <http://pastebin.mattei.co/index.php/view/99f23c8f> Remo -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170330/da78efa9/attachment.html>