"cf org-users" gives 403

[igm]

When using CF CLI to get the list of org users I get 403. I'm org manager. Tried both stable and edge releases.

$ CF_TRACE=true cf org-users <MY_ORG>
...
RESPONSE: [2014-05-27T13:06:18+01:00]
HTTP/1.1 403 Forbidden
Content-Length: 64
Cache-Control: no-store
Connection: keep-alive
Content-Type: application/json
Date: Tue, 27 May 2014 12:06:30 GMT
Pragma: no-cache
Server: Apache-Coyote/1.1

{"error":"access_denied","error_description":"Access is denied"}

ORG MANAGER
FAILED
Failed fetching org-users for role Server error, status code: 403, error code: access_denied, message: Access is denied.
ORG MANAGER
FAILED
Failed fetching org-users for role Server error, status code: 403, error code: access_denied, message: Access is denied.
ORG MANAGER

Is this expected?

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/72077266. This repo is managed by the 'CLI' team.

[igm]

Related forum discussion: http://support.run.pivotal.io/entries/66543983

[maxbrunsfeld]

@igm, can you include the full output (including the requests and responses before the one you included)?

Thanks,
CF Community Pair
Jesse and Max (@d, @maxbrunsfeld)

[igm]

here it is https://gist.github.com/igm/20a659e9c471efe00459

[lcddave]

Per discussion on r.p.i support channel, the CLI is properly returning a 403 that it getting from the CC. If the desire is to enable org-users for non admins, we need to change that upstream, not in the CLI. Will close.

[MarkKropf]

@igm I'm looking to add support for this in the future via this story: https://www.pivotaltracker.com/story/show/63345104

Right now this means adding a bunch of cc/uaa cooperation that does not currently exist. This is why we have not added this functionality yet.