diff --git a/http/users.go b/http/users.go
index a2ec72fe..66aab7e2 100644
--- a/http/users.go
+++ b/http/users.go
@@ -94,6 +94,9 @@ var userGetHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
 	}
 
 	u.Password = ""
+	if !u.Perm.Admin {
+		u.Scope = ""
+	}
 	return renderJSON(w, r, u)
 })