Region-Specific Role Behaviors

Different regions may have slightly different role behavior. Understanding these differences will help you create correct Application Credentials.

Region `dc3-a`

In region dc3-a, the reader role inherits permissions equivalent to the member role. Always verify the active region before interpreting IAM test results or executing operations.

Region `dc4-a`

In region dc4-a, the member role does not automatically include reader permissions. When creating Application Credentials for the dc4-a region, you must explicitly add both roles:

openstack application credential create \
    --role reader \
    --role member \
    --description "Full access in dc4-a" \
    my-app

Best Practices

Always verify the active region before interpreting IAM test results or executing operations.

Region-Specific Role Behaviors

Region dc3-a

Region dc4-a

Region `dc3-a`

Region `dc4-a`