We see an inconsistency in the behavior between CLI and v2 APIs and hence would like to understand the reasoning:
1. CLI command cf staging-security-groups expects the user to have admin role. This indicates that the data might be secure and hence needs specific permissions. Not really sure what data does it return, but assume that it returns the list of security groups assigned to default-staging group set
2. v2 API /v2/security_groups actually returns a list of security_groups which is similar to the command cf security-groups. However, it returns additional information on the security-group as well, if it is assigned to default-staging group set or default-running group set

This seems bit inconsistent, on one hand with cli command it looks like getting the group set assignment of security groups to default-staging and default-running group set is protected [need admin role] but on the other hand that information somehow can be retrieved via the v2 APIs.
Since the action is read-only but with different behavior, it leads to confusion.