Comment 0 for bug 1988026

When a non-admin user tries to list security groups for project_id "None", Neutron creates a default security group for that project and returns and empty list to the caller.

To reproduce:

openstack --os-cloud devstack security group list --project None
openstack --os-cloud devstack-admin security group list

The API call that is made is essentially

GET /networking/v2.0/security-groups?project_id=None

The expected result would be an authorization failure, since normal users should not be allowed to list security groups for other projects.