Currently the /api/security/users/:user only accepts requests from admin users. However, many use cases exist for non-admins to verify information about themselves. Our primary use case is related to a wrapper API around Artifactory. We want a user interacting with our API to provide us with basic authentication and we pass that information to Artifactory to validate that the credentials are valid within LDAP and that the user exists in Artifactory. Our current workaround is to use a different endpoint to validate credentials.
The expected behavior would look like:
User joe would be allowed to hit /api/security/users/joe, but joe would get forbidden when trying to hit /api/security/users/sam.
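
The self-or-admin rule requested above, sketched as an added example (not part of the original request and not Artifactory's code). The function names, the `admins` set, exact case-sensitive username matching, and the premise that the password was already verified upstream are assumptions of this example.

```python
import base64
import binascii
from urllib.parse import unquote

USERS_PREFIX = "/api/security/users/"

def basic_auth_username(header):
    """Return the username from an 'Authorization: Basic ...' value, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = decoded.partition(":")  # the password may contain ':'
    return user if sep and user else None

def target_user(path):
    """Return the decoded :user segment, or None if it is not one plain name."""
    if not path.startswith(USERS_PREFIX):
        return None
    name = unquote(path[len(USERS_PREFIX):])
    # Compare only after percent-decoding, and refuse anything that decodes
    # to extra path structure (e.g. joe%2F..%2Fsam), so the name that is
    # checked is the same name a backend would later resolve.
    if not name or "/" in name or name in (".", ".."):
        return None
    return name

def authorize(header, path, admins=frozenset()):
    """Status for a request whose password was already verified upstream
    (assumption): 200 for self or admin, 403 for another user's record,
    401 for a missing/malformed header, 404 for a malformed path."""
    caller = basic_auth_username(header)
    if caller is None:
        return 401
    target = target_user(path)
    if target is None:
        return 404
    if caller in admins or caller == target:
        return 200
    return 403
```

The comparison uses the username taken from the presented credentials, never a name supplied elsewhere in the request, so joe cannot read sam's record by changing only the path.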