From a support and administration point of view, it would be very useful if sufficiently authorized users (like admin) could access the Browser session report on the user profile page.

I don't believe it is really a security issue, as it only exposes: IP address, last access (both of which an admin can get in the logs), the DB record number of the session (in the URL path), and log of sessions.

I haven't looked through the capabilities list to see if there one that would make sense to tie this to.