Description of problem:
The V2 API in keystone does not use the /etc/keystone/policy.json file to determine access to the get_endpoints method.

Version-Release number of selected component (if applicable):
This is true upstream as well.

How reproducible:
Easy to reproduce.

Steps to Reproduce:
On a packstack allinone:
1. modify /etc/keystone/policy.json and add the following rule:
     "member": [["role:_member_"], ["role:Member"]],
2. change the identity:get_endpoints rule to use this:
     "identity:get_endpoints": [["rule:member"]],
3. restart the keystone service
4. try to list the endpoints as a non-admin user

Actual results:
  [root@01166114 ~(keystone_demo)]# keystone endpoint-list
  You are not authorized to perform the requested action, admin_required. (HTTP 403)

Expected results:
List the endpoints.

Additional info:
Filed upstream bug with proposed patch with help from Adam Young.
https://bugs.launchpad.net/keystone/+bug/1350879
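
The rules in the steps above, run through a simplified model of list-of-lists policy evaluation (outer list is OR, inner list is AND). This is an added example, not keystone's code and not part of the original report. The names `check`, `policy_allows` and `observed_v2` are hypothetical, and the body of `admin_required` is an assumed stand-in for the stock rule named in the 403 message.

```python
import json

# Constructed policy excerpt: the two rules from the report, plus an assumed
# body for the admin_required rule that the 403 message refers to.
POLICY = json.loads("""
{
    "admin_required": [["role:admin"]],
    "member": [["role:_member_"], ["role:Member"]],
    "identity:get_endpoints": [["rule:member"]]
}
""")


def _match(policy, match, creds, seen):
    """Evaluate one 'kind:value' term against the caller's credentials."""
    kind, _, value = match.partition(":")
    if kind == "rule":                      # reference to another named rule
        return check(policy, value, creds, seen)
    if kind == "role":                      # role names compared case-insensitively
        return value.lower() in (r.lower() for r in creds.get("roles", []))
    return str(creds.get(kind)) == value    # generic credential comparison


def check(policy, action, creds, seen=frozenset()):
    """Return True if creds satisfy the rule named by action."""
    if action in seen or action not in policy:
        return False                        # rule cycle or unknown rule: deny (model choice)
    alternatives = policy[action]
    if not alternatives:                    # an empty rule allows everyone
        return True
    seen = seen | {action}
    return any(all(_match(policy, term, creds, seen) for term in conj)
               for conj in alternatives)


def policy_allows(creds):
    """Expected result: the decision follows identity:get_endpoints."""
    return check(POLICY, "identity:get_endpoints", creds)


def observed_v2(creds):
    """Reported symptom: an admin check is applied whatever the policy says."""
    return check(POLICY, "admin_required", creds)


if __name__ == "__main__":
    demo = {"roles": ["_member_"]}          # constructed non-admin credentials
    print("policy-driven:", policy_allows(demo), "| observed:", observed_v2(demo))
```

A gap between `policy_allows` and `observed_v2` for the same credentials is the signal that an endpoint is enforcing a fixed check instead of the operator's policy file.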