This could be possible if the authorized user knows the attribute assignment id, which they could get if they have read only access.