Let's say my username is "pveuser@pve". If I query ACCESS/USERS, I get all the user data I'm allowed to see, among it my own, but ACCESS/USERS/PVEUSER@PVE gives a 403 Forbidden error.
Problem is I can't GET (or POST) ACCESS/USERS/PVEUSER@PVE to read (or write) my own data, unless I have the User.Modify role. But if I have this role, I can query (and edit) all other users' data as well.
I don't understand this design decision, so my questions are:
1. Why can't users query their own data (without any extra permissions) under the endpoint including their own userID (and why doesn't ACCESS/USERS give a 403 Forbidden to a user without User.Modify)?
2. Why can't users edit / write their own data (like an email address) without the way too powerful User.Modify role?