Can a user with admin role modify a shared network of project defined in another domain? [closed]
I have a single machine DevStack (Mitaka) setup. I have enabled multi domain functionality and am able to create multiple domains in my setup through Horizon. I created 2 domains, Domain A and Domain B. In Domain A, I created two projects PRJ_A1 and PRJ_A2 similarly in Domain B I created PRJ_B1 and PRJ_B2. In each project I created one instance namely INST_A1_1, INST_A2_1, INSTB1_1, INST_B2_1.
Following networks were created in projects :
PRJ_A1 has a private network NET_1 (subnet 10.0.0.0)
PRJ_A2 has a public shared network NET_2 (subnet 120.20.20.0)
PRJ_A3 has a private shared network NET_3 (subnet 30.0.0.0)
PRJ_A4 public network NET_4 (subnet 140.40.40.0)
NET_2 and NET_3 are shared only with project PRJ_A1 through RBAC
Domain A has following users and roles:
Bob admin role for PRJ_A1 and PRJ_A2
Nick member role for PRJ_A1
Domain B has following users and roles: Ben admin role for PRJ_A1
John member role for PRJ_A1
Following Security Groups were created and attached to instances :
SG1 for INST_A1_1
SG2 for INST_A2_1
SG3 for INST_A3_1
SG4 for INST_A4_1
I have following question:
Can a user with admin role modify a shared network of project defined in another domain? For example can Bob (admin role in PRJ_A1 and Domain A) modify/delete ports on network NET_3 which belongs to a PRJ_B1 of domain B?