I have verified this on grizzly-2 and validation seems to be working fine.
$ keystone user-role-remove --user bd9c28b6e2794574b030ad5c3a7e4818 --tenant 97c5778a10f34b499a5abe1e2ecff24c --role 9fe2ff9ee4384b1894a90878d3e92bab $ euca-describe-instances Unauthorized: Failure communicating with keystone -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1064914 Title: Removing user from a tenant isn't invalidating user access to tenant To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1064914/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
