diff --git a/routes/users.js b/routes/users.js
index 41f96f95e504fee98dd0560abe53402d9c0a57ff..c661a2cbf03ad2a4c5d774c64a0c9f25ca23d4cb 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -38,7 +38,7 @@ router.use('/users', auth.validateToken);
 // routes
 router.get('/users', auth.validateRole('user', 'read'), function(req, res) {
   // get all users
-  User.find(function(err, users) {
+  User.find({}, 'username role mail', function(err, users) {
     if (err) {
       return next(err);
     }