Bug response v2/user

Original message was deleted

fabienne•9/18/24, 5:38 AM

does the requesting user have permission to do that query?

fabienne•9/18/24, 5:39 AM

I quckly checked this myself, and the first time I used a user without any permission to manage something in ZITADEL

fabienne•9/18/24, 5:39 AM

In that case I had the same result

fabienne•9/18/24, 5:39 AM

I then removed the search query and just got my own user back

fabienne•9/18/24, 5:40 AM

then I used a user with IAM_OWNER manager rights and now I get a result

fabienne•9/18/24, 5:52 AM

that should actually work with that role

fabienne•9/18/24, 11:21 AM

Basically no user is not allowed to call the endpoint, as if you have no filter you will always be able to get your own user back.

fabienne•9/18/24, 11:21 AM

but yes the total result we might need to have a look at