The user will get a response of the assets as per scope using count and list APIs. Typically, the Manager user has access to more assets than the reader user. So, the Reader user won’t be able to get responses for the APIs requested for unauthorized assets.
If a Manager user has access to 100 assets, the Count API response will show 100 assets, and the List API will show details of all 100 assets. Now, consider that the Manager user creates a ‘Reader’ subuser and assigns only 50 assets to this user. When Reader executes APIs, the response will contain data of only 50 assets and not all 100 assets.