From e74360254efb5163295c0453c8997686b2ae5588 Mon Sep 17 00:00:00 2001
From: linggao
Date: Wed, 18 Aug 2021 21:44:12 +0000
Subject: [PATCH] Issue 25 - non-root user cannot list a specific org level secret

Signed-off-by: linggao
---
 plugin/policy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin/policy.go b/plugin/policy.go
index 8ebb59b..6fb3d8f 100644
--- a/plugin/policy.go
+++ b/plugin/policy.go
@@ -19,7 +19,7 @@ const ADMIN_ORG_WIDE_POLICY2 = `path "openhorizon/metadata/%s/*" {capabilities =
 // Regular openhorizon users will have these ACL policies attached.
 // note: USER_PRIVATE_DENY_POLICY1 is also given to admins to prevent them from being able to read
 // other user's private secrets
-const NON_ADMIN_ORG_WIDE_POLICY = `path "openhorizon/metadata/%s/*" {capabilities = ["list"]}`
+const NON_ADMIN_ORG_WIDE_POLICY = `path "openhorizon/metadata/%s/*" {capabilities = ["list", "read"]}`
 const USER_PRIVATE_DENY_POLICY1 = `path "openhorizon/data/%s/user/*" {capabilities = ["deny"]}`
 const USER_PRIVATE_DENY_POLICY2 = `path "openhorizon/metadata/%s/user/*" {capabilities = ["deny"]}`
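Review bot: The `read` capability added to NON_ADMIN_ORG_WIDE_POLICY sits on the glob `openhorizon/metadata/%s/*`, which also matches `openhorizon/metadata/%s/user/*`, so metadata of other users' private secrets stays unreadable only while USER_PRIVATE_DENY_POLICY2 is attached to the same token. How the policies are formatted and attached is outside this hunk, so that pairing should be confirmed and pinned with a test that a non-admin token is refused on another user's `user/` metadata path. The comment above the constant still mentions only USER_PRIVATE_DENY_POLICY1 and does not say why `read` is granted or what it exposes. Assuming this is a KV v2 mount, I would add `// read on metadata lets a user look up one org-level secret; it exposes version/timestamp metadata, not the value under data/` and `// relies on USER_PRIVATE_DENY_POLICY2 to keep user/* metadata hidden from other users`.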