Bug
Resolution: Done
CRCPLAN-185 - RBAC | Support Service Account Auth in Console RBAC
Access & Management Sprint 80, Access & Management Sprint 81, Access & Management Sprint 83
I created a service account.
I added the service account to a group with User Access Administrator and Cost Management Administrator.
I'm using it to discover other users' permissions with the access API, passing a username parameter: https://console.redhat.com/api/rbac/v1/access/?application=rbac&username=clovecc
But I'm getting a 403.
This works with my user, but likely because it's an admin.
Issue seems to be in this area of code: https://github.com/RedHatInsights/insights-rbac/blob/master/rbac/management/utils.py#L52-L65 . Seems to not accurately resolve the following check: https://github.com/RedHatInsights/insights-rbac/blob/master/rbac/management/permissions/principal_access.py#L32-L35
https://redhat-internal.slack.com/archives/C0233N2MBU6/p1703168838040469
Acceptance criteria
A service account with the "User Access Administrator" and "Cost Management Administrator" roles should be able to see other users' permissions for another application.
Test steps
1. Create a user principal.
2. Create a service account.
3. Attempt getting the created principal's permissions and expect an empty data array.
4. Create a new group and add the "User Access Administrator" role to it.
5. Add the service account to the group.
6. Repeat the request from step 3 and assert that permissions are returned.
- is caused by: RHCLOUD-30986 [RBAC] Allow RBAC permissions management via service account (Closed)