To ensure that non-privileged users do not gain access to information without the right permissions, users without admin privileges have the following restrictions:
The primary domain in the query may only be item.
The following three fields must be included in the
includedirective:name, repo, andpath.
Note, however, that once these restrictions are met, you may include any other accessible field from any domain in the include directive.