Description of problem:

In our doc says the following [1]:

The policy.yaml.sample file you generated describes the policies used by barbican. The policy is implemented by four different roles that define how a user interacts with secrets and secret metadata. A user receives these permissions by being assigned to a particular role:


admin - Can delete, create/edit, and read secrets.
creator - Can create/edit, and read secrets. Can not delete secrets.
observer - Can only read data.
audit - Can only read metadata. Can not read secrets.


but looks like the creator role can delete secrets owned by project, like upstream and CU can confirm:

- https://docs.openstack.org/barbican/latest/admin/access_control.html

- https://storyboard.openstack.org/#!/story/2009791

~~~
creator
Users with this role are allowed to create new resources and can also delete resources which are owned by the project for which the creator role is scoped. They are also allowed full access to existing secrets owned by the project in scope."
~~~

Looks like the upstream change to the creator role was part of openstack-barbican 9.0.2-2.20220607193627.d632bba and newer for 16.2


So looks like this is a expected behavior  and our doc is wrong.



Version-Release number of selected component (if applicable):

RHOSP 16.2.x (Train) 

How reproducible:


Steps to Reproduce:
1.does not apply
2.
3.

Actual results:

Red Hat 16.2 Documentation have the wrong  capabilities explain for Creator Role

Expected results:

Right explanation about the Role on Red Hat Documentation. 

Additional info:


-sosreport are available