--- a/share/roundup/templates/devel/schema.py	Wed Jun 25 13:19:42 2014 +1000
+++ b/share/roundup/templates/devel/schema.py	Fri Jul 04 15:32:28 2014 +0200
@@ -292,8 +292,13 @@
 
 # May users view other user information? Comment these lines out
 # if you don't want them to
-db.security.addPermissionToRole('User', 'View', 'user')
-db.security.addPermissionToRole('Developer', 'View', 'user')
+p = db.security.addPermission(name='View', klass='user', 
+    properties=('id', 'organisation', 'phone', 'realname', 'timezone',
+    'vcs_name', 'username'))
+db.security.addPermissionToRole('User', p)
+db.security.addPermissionToRole('Developer', p)
+
+# Coordinator may also edit users, so they may see everything:
 db.security.addPermissionToRole('Coordinator', 'View', 'user')
 
 # Allow Coordinator to edit any user, including their roles.