I wasn't able to recreate this with Rocky, only a user with the "admin" role was able to list credentials, other users with member roles were denied (as policy defined).
The code was indeed changed after Rocky to account for system scope, where I believe that this issue was introduced.
I wasn't able to recreate this with Rocky, only a user with the "admin" role was able to list credentials, other users with member roles were denied (as policy defined).
The code was indeed changed after Rocky to account for system scope, where I believe that this issue was introduced.