When setting up a user account for web services, one of the required steps is to "Enable capabilities for the user".

The documentation states:

The last step, and the trickiest, is to grant the right permission to the external system user. It would need the following capabilities:

• "webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use" matching the enabled protocols.
• the required capabilities by the web service functions. These required capabilities are listed when you add a function to the service.

Steps to reproduce:

1. Add a new "External Service" called "Get users"
2. Tick "Enabled" and "Authorized users only", and click "Add Service"
3. Click "Add functions"
4. Select "moodle_user_get_users_by_id" and click "Add functions"

Note that under "Required capabilities", moodle/user:viewdetails is listed as the only capability

5. Visit /admin/settings.php?section=externalservices to see the list of services, and click "Authorized users".
6. Add a user to the list of authorized users.
7. Create a new role with the capabilities webservice/rest:use, webservice/soap:use, webservice/xmlrpc:use, webservice/amf:use and moodle/user:viewdetails
8. Assign the role to the authorized user
9. From your external system, attempt to get the details of a user with a known id, using the protocol of your choice

Expected behaviour:

The user's details are returned

Observed behaviour (REST):

<EXCEPTION class="required_capability_exception">
<MESSAGE>Sorry, but you do not currently have permissions to do that (View user full information)</MESSAGE>
</EXCEPTION>