Not authorized to list projects with keystone v3?

I set up keystone v3, and then created a domain dom1, a user adm1 and grant this user to admin role. Authenticate this user with domain scope. Then create a project under dom1. I tried to list projects with the same token that created the project. All I got is "You are not authorized to perform the requested action: identity:list_projects".

If I take out the rule domain_id:%(domain_id)s in policy.v3cloudsample.json for "identity:list_projects", everything works well.

Why cannot I list projects with the rule domain_id:%(domain_id)s? Thanks.

Solution

According to OpenStack API document, the API URL of listing projects must be filtered with domain ID. So in policy,json, domain_id:%(domain_id)s of identity:list_projects means the domain ID in URL filter must be equal to the domain ID that the token is scoped.

OpenStack Pulumi integration - Cannot connect due to apparently lacking parameter in YAML file
How to reach a OPENSTACK instance directly without using floating IP
installing python packages without internet and using source code as .tar.gz and .whl
Terraform loops with both index and values
Openstack Heat - separate templates
Using python to connect to MongoDB in OpenStack
Does POST request to /v1/<account-name> in OpenStack Swift create that account?
Openstack - Change Admin password for the Dashboard
Openstack: Terraform multiple Instances with additional Disks - for_each list(object)
Terraform: openstack_compute_instance_v2 assign multiple networks dinamically
How to get Memory Usage from Windows Server 2012 R2 in OpenStack
OpenStack - KeyStone Requires Authentication 401
Issues with bash scripting syntax in Jenkins pipeline
How to list openstack user groups of a different domain?
rabbitmq cluster mistmatch hostname issue
Terraform cant create VM in openstack provider (No suitable endpoint could be found in the service catalog)
NoValidHost: No valid host was found. There are not enough hosts available
Unable to establish connection to http://controller:9696/v2.0/networks
Get uploaded object URL using openstack4j
Use OpenStack4j in an OSGi platform
rabbitmq access to vhost denied
How can I choose a specific subnet when creating new server in OpenStack?
Trouble creating a bridge device for OpenStack Rocky Linux 9.2 networking
Create a flavour with openstack SDK
Creating octavia Loadbalancer fails with "Nova failed to build the instance due to: Invalid key_name provided"
What is the difference between provider network and self-service network in OpenStack?
What issues arise when using Openstack Swift SAIO for Production use?
Unable to fetch server IP in openstack VM
Adding VPNaaS to an OpenStack Zed setup
Openstack python api: How create a connection using Application Credentials?