jaypipes
commented
7 years ago Still need to handle the authz part of this, since the role list is sensitive information.
Open jaypipes opened 7 years ago
jaypipes
commented
7 years ago Still need to handle the authz part of this, since the role list is sensitive information.
We should list a user's roles when returning information about the user in
p7n user get <USER>. We need to be safe, though, and only return this information when the calling user is either the user themselves or has the READ_ANY/READ_ROLE/SUPER privileges.