Hi John,

We don't currently have a better alternative. I do think such a role would
be useful.
We're currently very focused on v3, process types, and tasks, however.

I'm not entirely sure what would be involved in making a new scope that
does this, if it's a small thing or a large, risky thing.

If you/you're team are interested in possibly making a PR on the ccng repo
[1], please submit an issue and I can dig into a bit further.

Thanks,
Dieu
CF CAPI PM.

[1] https://github.com/cloudfoundry/cloud_controller_ng/issues


On Fri, Jan 8, 2016 at 9:23 AM, john mcteague <john.mcteague(a)gmail.com>
wrote:

What is the best way to create a user account that has read only
permission on apps across all orgs and spaces?

It looks like a user with scope cloud_controller.read will work if the
user is also added to all spaces. I would prefer to avoid that latter step.

Is there an alternative?

As background, we have a component in our deployment that needs to obtain
the current location (dea) of any given app and we are doing so using the
/v2/apps/<guid>/stats endpoint and currently a user with admin level
permissions on CF.

Thanks
John.