Security engineer here. While collaborating with the team responsible for the Miro Organization at my company, we encountered an issue: I am tasked with building a Miro App for an integration that requires me to be able to list all members on the Miro Organization through the Miro API (/v2/orgs/{org_id}/members). Nevertheless, if I want to do this I need to be granted Company Admin access, which would in turn allow me to modify anything on the Miro Organization.
My proposal is simple: Have more granular permissions or new Admin Role Types that would, upon being granted to a user of the organization, allow that user to perform Read-Only operations on all resources of the organization.
Maybe a Security Audit Role / Read-Only Admin Role just so these kinds of list/read operations would be permitted without allowing a user to modify the whole organization.