indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

ROLE_READ to allow seeing account details of all users #794

Open maarten-litmaath opened 1 week ago

maarten-litmaath commented 1 week ago

Paraphrasing an e-mail thread initiated by ATLAS:

Currently only VO Admins have access to user details, and our experts who
are not VO Admins lost the option to check user VO account configuration
while troubleshooting issues with grid activities. We have a lot of experts 
(and support people) for different components of our distributed system and 
it would not make sense to give them all full IAM privileges. We need a 
better way to provide them with user account details: a new IAM "ROLE_READ" 
is quite desirable for the relevant people to be allowed to see all account 
details (except secrets) with the IAM web interface.

And:

It is quite annoying to live without this functionality, 
so from our point of view this is quite an urgent issue.

The exact name of the role can be discussed.