Add rationale for keeping the creator role for service accounts

Signed-off-by: Markus Hentsch <[email protected]>
SovereignCloudStack · May 16, 2024 · a0b332a · a0b332a
1 parent 5b571b3
commit a0b332a
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/Standards/scs-03XX-v1-standard-roles.md b/Standards/scs-03XX-v1-standard-roles.md
@@ -109,6 +109,7 @@ This offers users easy access to the Key Manager API and aligns the permission s
 
 The "creator" role will be kept for compatibility reasons concerning service integration.
 For example, the block storage service Cinder usually has a technical user in Keystone possessing the "creator" role in the "service" project.
+Moving such service accounts to the "member" role could introduce undesired access patterns in other APIs that otherwise don't accept the "creator" role but offer a lot of functionality to the "member" role by default.
 
 ### Open questions