[ https://issues.apache.org/jira/browse/CLOUDSTACK-7283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14093294#comment-14093294 ]
ASF subversion and git services commented on CLOUDSTACK-7283: ------------------------------------------------------------- Commit 97efbc56e4e24563d1a68db9da500054867683c6 in cloudstack's branch refs/heads/master from [~alena1108] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=97efbc5 ] CLOUDSTACK-7283: listUsers - for regular user, only return the caller info. If there are more users under the same account, their information should never be returned > Allow regular user to execute listUsers API call > ------------------------------------------------ > > Key: CLOUDSTACK-7283 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7283 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API, Doc > Affects Versions: 4.5.0 > Reporter: Alena Prokharchyk > Assignee: Radhika Nair > Fix For: 4.5.0 > > > Since normal-user role can have access to listAccounts API that returns user > info + he can update users info by calling updateUser, he should have an > access to listUsers API. The response should return his user info only. Other > users belonging to the same user's account, shouldn't be returned. -- This message was sent by Atlassian JIRA (v6.2#6252)