Open Stack

Hi All
I am a new to openstack and have a basic question regarding User types and
administration
I find 3 categories of users
1. Openstack cloud administrators/users who create tenants (or projects)
and administer the cloud
2. Tenant/Project adminstrators/ops users who belong to the organizations
3. Tenant users who form the Organizations (tenants) who may be part of
respective tenant LDAP

As I see it, type (3) users are of no concern to the openstack IDAM
(keystone) database. But what I read/listen to across the Openstack
community is contrary and keystone does get into tenant users as well. Is
that so? If not, my understanding is in line. Else, can someone explain why
this is done so? I feel this has 2 disadvantages
1. Tenant user identities are no longer protected by tenant as cloud
operators can be privy to this info
2. It does not scale that a tenant org changes are have an impact in cloud
as well

Thanks
-- 
-Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170501/4b82b8a7/attachment.html>