If you have volume backed OpenStack instances, you may need to resize them. In most usage cases you'll want to have un-privileged users resize the instances. This documents how you can modify the Cinder policy to allow tenant members assigned to a particular role to have permissions to resize volumes.
You will need to create or identify a suitable role. In this example I'll use "Support".
Once the role has been created or identified, add these lines to the /etc/cinder/policy.json on the Cinder API server(s):
"context_is_support": [["role:Support"]],
"admin_or_support": [["is_admin:True"], ["rule:context_is_support"]],
Modify "volume_extension:volume_admin_actions:reset_status" to use the new context:
"volume_extension:volume_admin_actions:reset_status": [["rule:admin_or_support"]],
Add users who need priveleges to resize volumes to the role SupportAdmin in their tennant.
The users you have added to the "Support" role should now be able to resize volumes.