f3ffd088ef
When executing an action on behalf of an administrator, disable the administrateServer capability during the request. This may limit the damage a compromised role account could cause by avoiding any permissions that are not explicitly granted. Change-Id: I263e1d8e1a645617842f11b7712f79f5c009c6ca