If a user was granted with admin privileges from a group (i.e. let's say shlomi is part of a group named Product that is configured with Admin privileges), when executing GET /api/security/users/<username>
You will get the following response:
{ "name" : "shlomi", "email" : "a@a.a", "admin" : false, "profileUpdatable" : true, "internalPasswordDisabled" : false, "groups" : [ "bla" ], "lastLoggedInMillis" : 0, "realm" : "internal", "offlineMode" : false, "disableUIAccess" : false }
You can see that "admin" : false while the user is an admin user.
We should fix it so if a user got admin privileges from one or more groups he is associated with, the admin flag should be true.