ZABBIX BUGS AND ISSUES / ZBX-25921

settings.update method has become available to all user types


    • Problem report
    • Resolution: Unresolved
    • Major
    • None
    • 7.2.4rc1, 7.4.0alpha1
    • API (A)

      Documentation states that "settings.update" is available only to super admins, however this is no longer true in 7.2+.

      1. Create a non-super admin user, just a regular admin or regular user;
      2. assign user role "Admin" or "User";
      3. in User roles UI API methods field type "settings" and observe that "settings.*" and "settings.get" are available to this user role;
      4. using plain API, log in with regular user;
      5. check "settings.get" is working and pick one field to update, for example "login_attempts: 1";
      6. perform a "settings.update" request
        {
        "login_attempts": 1
        }
        
      7. observe that it executed successfully.

      Before, in 7.0, it worked correctly and returned the error "No permissions to call "settings.update"."

      Also, surprisingly, there are no API tests for the settings API.

            zabbix.dev Zabbix Development Team
            iivs Ivo Kurzemnieks
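
The reproduction steps above, written as a regression check that could fill the missing-test gap the report mentions. This is an added example, not code from the Zabbix project: the names `http_transport`, `settings_update_denied` and `fake_frontend` are hypothetical, and the responses returned by `fake_frontend` are constructed so the check runs offline.

```python
import json
import urllib.request

def http_transport(url):
    """Real JSON-RPC transport; url is the frontend's api_jsonrpc.php endpoint."""
    def call(method, params, token=None):
        headers = {"Content-Type": "application/json-rpc"}
        if token:  # session token sent as a Bearer Authorization header
            headers["Authorization"] = "Bearer " + token
        body = json.dumps({"jsonrpc": "2.0", "method": method, "params": params, "id": 1})
        req = urllib.request.Request(url, body.encode(), headers)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return call

def _result(reply):
    # Login or settings.get failing means the check is inconclusive, not passed.
    if "error" in reply:
        raise RuntimeError(reply["error"])
    return reply["result"]

def settings_update_denied(call, username, password):
    """True if settings.update is refused for this non-super-admin account."""
    token = _result(call("user.login", {"username": username, "password": password}))
    current = _result(call("settings.get", {"output": ["login_attempts"]}, token))
    # Write the value back unchanged so the check never alters configuration.
    same = int(current["login_attempts"])
    reply = call("settings.update", {"login_attempts": same}, token)
    return "error" in reply

def fake_frontend(enforces_super_admin):
    """Constructed stand-in for a frontend; not captured from a real server."""
    def call(method, params, token=None):
        if method == "user.login":
            return {"jsonrpc": "2.0", "result": "constructed-token", "id": 1}
        if method == "settings.get":
            return {"jsonrpc": "2.0", "result": {"login_attempts": "5"}, "id": 1}
        if method == "settings.update" and enforces_super_admin:
            return {"jsonrpc": "2.0", "id": 1, "error": {
                "data": 'No permissions to call "settings.update".'}}
        return {"jsonrpc": "2.0", "result": list(params), "id": 1}
    return call

if __name__ == "__main__":
    print("7.0 behaviour, denied:", settings_update_denied(fake_frontend(True), "u", "p"))
    print("reported 7.2 behaviour, denied:", settings_update_denied(fake_frontend(False), "u", "p"))
```

Against a test instance, pass `http_transport(...)` with the endpoint URL and the credentials of a user holding the "Admin" or "User" role; the check should return `True` on a build that enforces the documented restriction.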