Comment 4 for bug 1824248

In OpenStack deployments, admin role has a lot of power and this is not specific to this case reported here.
I think this is the security model we adopt now.

On the other hand, neutron needs to allow operators to configure a policy for create_security_group_rule. If it does not work, this is another issue and we (as my neutron team hat) should fix it. I will check the current behavior.