NetiQ IDM 4.5.3 Userapp Roles based provisionig module (AE)

I would like to know which user or edirectory rights following from UI script function uses when reading attribute using DAL from eDirectory?

var value = IDVault.get(null,selectedValue, 'User', 'costCenterDescription');

in our experiences, it looks like we need to make attribute "PUBLIC" so that this function can read it, but this would end up making all attributes PUBLIC which is quite unsecure for us.

Please suggest us what to do with that; we have tried giving "intiator" user rights, but it does not work!.