I want to get some clarification on what permission is need to guard the operation of "list regions" and "describe region".
Currently anyone that has "CLUSTER:READ" are able to execute those two commands, regardless whether he has "READ/WRITE/MANAGE" permissions to the regions. And if a user only has read permission for a specific region, when he goes to execute "list regions", he will get a "permission denied" message instead of seeing a list of regions that he has access to. Is this the expected behavior? Or a better question is: what is the expected behavior? -- Cheers Jinmei
