Currently, users added to a team that are not granted submit permissions can still go through the website's New Test Run link and get the API key for that team.
These users should not be able to navigate fully through the submit flow to get to the command line view. They may be able to guess a valid email with the API key that gets exposed. This could be a security concern. (Granted teams shouldn't add members that they can't trust.)
|Device Model Name|
|Operating System Version|