Type: Bug
Resolution: Unresolved
Priority: Normal
Component: rhos-connectivity-neutron
Severity: Important
With S-RBAC policies it is, by default, forbidden for regular users to create resources (e.g. networks) for a different project. Only users with the admin and service roles can send project_id in the request body. This is verified in https://github.com/openstack/neutron-lib/blob/3c6e404c23596411d51c42edf93b3df9948034ed/neutron_lib/api/attributes.py#L25-L32
Generally this is OK, but there may be a case where an operator wants to configure a custom role, e.g. "network_admin", which should be granted permission to create networks on behalf of every project. Today this is not possible because of this hardcoded check.
I propose adding a new rule to the policy file, something like "context_can_override_project", which by default would be granted to nobody but could then be configured differently by the operator in the policy.yaml file. This rule would also be checked in https://github.com/openstack/neutron-lib/blob/3c6e404c23596411d51c42edf93b3df9948034ed/neutron_lib/api/attributes.py#L25-L32
This solution would be similar to the one for the bug at https://github.com/openstack/neutron-lib/blob/3c6e404c23596411d51c42edf93b3df9948034ed/neutron_lib/api/attributes.py#L25-L32, fixed with https://review.opendev.org/c/openstack/neutron-lib/+/954054
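The following is an added example, not neutron-lib code and not part of this report. It models the proposed check: the project_id guard keeps its current shape (own project, or admin/service role, passes), and is extended with a policy rule named `context_can_override_project` (the name is the proposal's suggestion, not an existing neutron rule). The rule evaluator is a deliberately small stand-in for oslo.policy that only understands `!`, `@`, `role:X`, `rule:Y` and `or`; the `network_admin` role and both policy dictionaries are constructed for the example. The default policy grants the override to nobody, so the only way a non-admin gets it is an explicit operator override in policy.yaml.

```python
"""Model of the proposed 'context_can_override_project' policy rule.

Added example (not neutron-lib code). Shows that with the default policy the
hardcoded behaviour is unchanged, and that only an operator override of the
rule lets a custom role set project_id for another project.
"""
from dataclasses import dataclass

# Hypothetical rule name from the proposal; not an existing neutron rule.
OVERRIDE_RULE = "context_can_override_project"

# Default policy: the "!" rule never matches, so nobody is granted the override.
DEFAULT_POLICY = {OVERRIDE_RULE: "!"}

# Constructed operator override, as it would appear in policy.yaml:
#   "context_can_override_project": "role:network_admin"
OPERATOR_POLICY = {OVERRIDE_RULE: "role:network_admin"}


@dataclass
class Context:
    """Minimal request context: caller's project, roles and the two flags
    the current check consults."""
    project_id: str
    roles: tuple = ()
    is_admin: bool = False
    is_service_role: bool = False


class PolicyError(Exception):
    pass


def check_rule(policy, rule_name, ctx, _depth=0):
    """Tiny stand-in for oslo.policy: '!' never matches, '@' always matches,
    'role:X' matches a role held by the context, 'rule:Y' evaluates another
    rule, and ' or ' joins alternatives. Unknown rules default to '!'."""
    if _depth > 8:
        raise PolicyError("rule recursion too deep")
    expr = policy.get(rule_name, "!")
    for alt in (a.strip() for a in expr.split(" or ")):
        if alt == "@":
            return True
        if alt == "!":
            continue
        if alt.startswith("role:"):
            if alt[len("role:"):] in ctx.roles:
                return True
        elif alt.startswith("rule:"):
            if check_rule(policy, alt[len("rule:"):], ctx, _depth + 1):
                return True
        else:
            raise PolicyError(f"unsupported rule term: {alt!r}")
    return False


def validate_project_id(ctx, body, policy=DEFAULT_POLICY):
    """Return the project_id the resource will be created in.

    A project_id in the body that differs from the caller's project is
    accepted only for admin/service callers, or when the operator granted
    the override rule; otherwise the request is rejected."""
    if "project_id" not in body:
        return ctx.project_id
    requested = body["project_id"]
    if requested == ctx.project_id:
        return requested
    if ctx.is_admin or ctx.is_service_role:
        return requested
    if check_rule(policy, OVERRIDE_RULE, ctx):
        return requested
    raise PolicyError(
        "Specifying 'project_id' other than the authenticated project "
        "requires admin privileges or the override rule")


def is_rejected(ctx, body, policy=DEFAULT_POLICY):
    """Helper for callers that only want a yes/no answer."""
    try:
        validate_project_id(ctx, body, policy)
        return False
    except PolicyError:
        return True


if __name__ == "__main__":
    net_admin = Context("proj-a", roles=("member", "network_admin"))
    body = {"name": "net1", "project_id": "proj-b"}
    print("default policy rejects:", is_rejected(net_admin, body))
    print("operator override accepts:", validate_project_id(net_admin, body, OPERATOR_POLICY))
```

The point of keeping `"!"` as the default is that a deployment that never touches policy.yaml behaves exactly like today's hardcoded check; the new rule only widens access when an operator explicitly names a role in it.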
is related to: OSPRH-22353 Neutron Custom Policies for a network administrator role (Backlog)