diff --git a/src/routes/test/users-test.js b/src/routes/test/users-test.js index 3a611d213..906ba9c2a 100644 --- a/src/routes/test/users-test.js +++ b/src/routes/test/users-test.js @@ -265,7 +265,7 @@ describe('Users API', function () { }); describe('groups', function () { - it('does not list groupIds when listing users', async function () { + it('lists groupIds when listing users', async function () { const response = await superagent.get(`${serverUrl}/api/v1/users`) .query({ access_token: owner.token }); @@ -273,7 +273,7 @@ describe('Users API', function () { expect(response.body.users).to.be.an('array'); response.body.users.forEach(function (user) { - expect('groupIds' in user).to.be(false); + expect('groupIds' in user).to.be(true); }); }); }); @@ -299,10 +299,10 @@ describe('Users API', function () { expect(user).to.be.an('object'); expect(user.id).to.be.ok(); expect(user.email).to.be.ok(); + expect(user.role).to.be.ok(); if (!user.email.startsWith('unnamed')) expect(user.username).to.be.ok(); expect(user.password).to.not.be.ok(); expect(user.salt).to.not.be.ok(); - expect(user.groupIds).to.not.be.ok(); }); }); }); diff --git a/src/routes/users.js b/src/routes/users.js index 2ea7f06f7..cb4bb5bde 100644 --- a/src/routes/users.js +++ b/src/routes/users.js @@ -113,7 +113,7 @@ async function list(req, res, next) { let [error, results] = await safe(users.listPaged(req.query.search || null, active, page, perPage)); if (error) return next(BoxError.toHttpError(error)); - results = results.map(users.removeRestrictedFields); + results = results.map(users.removePrivateFields); next(new HttpSuccess(200, { users: results })); } diff --git a/src/users.js b/src/users.js index a1e94e9a7..ceb3119f7 100644 --- a/src/users.js +++ b/src/users.js @@ -2,7 +2,6 @@ exports = module.exports = { removePrivateFields, - removeRestrictedFields, add, createOwner, 
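Review bot: The negative assertions in the `@@ -299,10 +299,10 @@` hunk of users-test.js still cover only `password` and `salt`, although the listing now returns the wider `removePrivateFields` projection instead of the old five-field pick. I would pin the response shape so that a field added to the user record later cannot leak through this endpoint unnoticed, for example `expect(Object.keys(user).every((k) => allowedKeys.includes(k))).to.be(true);` with `allowedKeys` spelled out in the test. The enclosing `it` block starts outside the hunk, so an equivalent check earlier in the test is not visible from here.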
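Review bot: Swapping `users.removeRestrictedFields` for `users.removePrivateFields` in `list` widens the response from the explicit allowlist (`id`, `username`, `email`, `displayName`, `active`) to whatever `removePrivateFields` keeps, which per the updated tests includes `role` and `groupIds`. The removed helper was documented as the projection for non-privileged users, and the authorization on this route is not visible in the hunk; if a non-admin token can reach `list`, every such caller can now read role and group membership for all accounts. I would record the requirement at the call site, e.g. `// admin-only route: removePrivateFields exposes role and groupIds`, and add a test that a non-admin token is rejected or receives the reduced projection. `list` begins outside the hunk.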
@@ -172,11 +171,6 @@ function removePrivateFields(user) { return result; } -// remove all fields that Non-privileged users must not see -function removeRestrictedFields(user) { - return _.pick(user, 'id', 'username', 'email', 'displayName', 'active'); -} - async function add(email, data, auditSource) { assert.strictEqual(typeof email, 'string'); assert(data && typeof data === 'object');