Auditor users unable to view blocked users via the list users API endpoint
Proposal
Auditor users are able to access the List Users API endpoint. The documentation seems to suggest that for non admin users, the blocked
parameter is set to false
by default, which allows for listing all users and not only blocked users. This works as expected for admin users.
Upon further testing, auditor users are unable to list blocked users with either:
-
http(s)://<instance-url>/api/v4/users
- should return blocked users as well as active users -
http(s)://<instance-url>/api/v4/users?blocked=true
- should return blocked users.
This has come up in a ticket linked below for other GitLab Team Members who have access.
ZD Ticket - internal only
It would be helpful for auditor users to be able to view blocked users using the List users API endpoint.
Edited by Christopher Mutua