On August 30, 2016 at 12:31:12 AM, Selvaguru Manokaran (
selvaguru.psgtech(a)gmail.com) wrote:

We see an inconsistency in the behavior between CLI and v2 APIs and hence
would like to understand the reasoning:
1. CLI command cf staging-security-groups expects the user to have admin
role. This indicates that the data might be secure and hence needs specific
permissions. Not really sure what data does it return, but assume that it
returns the list of security groups assigned to default-staging group set
2. v2 API /v2/security_groups actually returns a list of security_groups
which is similar to the command cf security-groups. However, it returns
additional information on the security-group as well, if it is assigned to
default-staging group set or default-running group set

This seems bit inconsistent, on one hand with cli command it looks like
getting the group set assignment of security groups to default-staging and
default-running group set is protected [need admin role] but on the other
hand that information somehow can be retrieved via the v2 APIs.
Since the action is read-only but with different behavior, it leads to
confusion.