I don't know about the GET, but looking at the horizon code it just uses the neutronclient library to make a list_security_groups() call. It doesn't seem to be using the admin role either.
I don't know about the GET, but looking at the horizon code it just uses the neutronclient library to make a list_security_ groups( ) call. It doesn't seem to be using the admin role either.