
Authorization check for HTTP Caches


I have a Web API method as listed below, for a REST service. This is for getting all users' information for InventoryAuditors. Only authorized InventoryAuditor users can access this resource.

using System.Collections.Generic;
using System.Web.Http;

[RoutePrefix("api/users")]
public class UsersController : ApiController
{
    // The role check runs on the origin server for every request that reaches it;
    // an intermediary cache never evaluates this attribute.
    [Authorize(Roles = "InventoryAuditor")]
    [Route("")]
    [HttpGet]
    public List<User> GetAllUsers()
    {
        // Return list of users (data access omitted in the question)
        return new List<User>();
    }
}

public class User
{
    public int UserID { get; set; }
    public string FirstName { get; set; }
}

Questions

  1. Is this resource cacheable by shared caches (like forward proxies and other intermediary caches)?
  2. If yes, how does the shared cache perform the authorization check? How does the cache know that the resource must be served only to InventoryAuditors?
  3. How should the headers look to make this authorized representation cacheable?

Or is HTTP caching not to be used at all in the case of authorized resources?

Note: The article "Caching Tutorial for Web Authors and Webmasters" says:

By default, pages protected with HTTP authentication are considered private; they will not be kept by shared caches. However, you can make authenticated pages public with a Cache-Control: public header; HTTP 1.1-compliant caches will then allow them to be cached.

REFERENCES

  1. RFC 7235, section 4.2 (Authorization): https://www.rfc-editor.org/rfc/rfc7235#section-4.2
  2. RFC 7234, section 3.2 (Storing Responses to Authenticated Requests): https://www.rfc-editor.org/rfc/rfc7234#section-3.2
  3. RFC 7234, section 5.2.2 (Response Cache-Control Directives): https://www.rfc-editor.org/rfc/rfc7234#section-5.2.2
  4. RFC 7234, Hypertext Transfer Protocol (HTTP/1.1): Caching
  5. Squid wiki, Feature: Bearer Authentication
  6. Mark Nottingham, "Stupid Web Caching Tricks"

Solution

  • What I understand from reading various resources is that the following headers may help in caching authorized resources:

    Cache-Control: public, max-age=0

    1. max-age=0: requires the cache to revalidate with the server using a conditional GET request. While revalidating with the server, the Authorization headers will be sent to the server.
    2. max-age=0 differs from must-revalidate. max-age=0 also allows caching of responses that contain Authorization headers.

    Also refer to:

    1. REST in Practice (REST, caching, authorize)
    2. Web Caching (authentication)
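The interaction the answer describes, as an added example that is not code from the original question or answer: a small model of an RFC 7234 shared cache sitting in front of an origin that authorizes every request itself. The cache applies the section 3.2 rule (a response to a request that carried Authorization is storable by a shared cache only when Cache-Control has public, must-revalidate or s-maxage) and, with max-age=0, forwards a conditional GET carrying the caller's Authorization header so the origin re-decides on each reuse. The users, the InventoryAuditor role assignment, the "Bearer <username>" token scheme, the ETag value and the `origin`, `SharedCache` and `scenario` names are all constructed for the example; freshness is simplified to max-age/s-maxage > 0 with no Date/Age arithmetic.

```python
"""Added example: RFC 7234 shared-cache behaviour for an authorized resource.
Users, roles, token scheme and ETag below are constructed sample data."""
from dataclasses import dataclass, field

USERS = {"alice": set(), "bob": {"InventoryAuditor"}}   # constructed: only bob is an auditor
USER_LIST = [{"UserID": 1, "FirstName": "Alice"}, {"UserID": 2, "FirstName": "Bob"}]
ETAG = '"users-v1"'                                      # constructed validator


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: object = None


def parse_cache_control(value):
    """'public, max-age=0' -> {'public': None, 'max-age': '0'} (names lowercased)."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return directives


def origin(request, cache_control):
    """Origin server: the only party that evaluates Authorization and roles.
    Hypothetical scheme 'Bearer <username>'; cache_control is emitted on success."""
    auth = request["headers"].get("Authorization", "")
    user = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
    if user not in USERS:
        return Response(401, {"WWW-Authenticate": "Bearer"})
    if "InventoryAuditor" not in USERS[user]:
        return Response(403)
    headers = {"Cache-Control": cache_control, "ETag": ETAG}
    if request["headers"].get("If-None-Match") == ETAG:
        return Response(304, headers)      # conditional GET: caller re-authorized, body unchanged
    return Response(200, headers, USER_LIST)


class SharedCache:
    """Forward proxy. Never inspects credentials; applies RFC 7234 section 3.2
    for requests with Authorization and treats max-age=0 as 'always revalidate'."""

    def __init__(self, origin_fn):
        self.origin_fn = origin_fn
        self.store = {}   # keyed by URL only: Authorization is not part of the cache key
        self.log = []

    def storable(self, request, response):
        cc = parse_cache_control(response.headers.get("Cache-Control", ""))
        if "no-store" in cc or "private" in cc:
            return False
        if "Authorization" in request["headers"]:
            return any(d in cc for d in ("public", "must-revalidate", "s-maxage"))
        return True

    @staticmethod
    def fresh(entry):
        cc = parse_cache_control(entry.headers.get("Cache-Control", ""))
        return int(cc.get("s-maxage") or cc.get("max-age") or 0) > 0

    def get(self, request):
        key = request["url"]
        entry = self.store.get(key)
        if entry is not None and self.fresh(entry):
            self.log.append("hit")             # served without contacting the origin
            return entry
        fwd = {"url": key, "headers": dict(request["headers"])}   # Authorization travels along
        if entry is not None:
            fwd["headers"]["If-None-Match"] = entry.headers["ETag"]
        resp = self.origin_fn(fwd)
        if resp.status == 304 and entry is not None:
            self.log.append("revalidated")     # origin approved this caller; reuse stored body
            entry.headers.update(resp.headers)
            return Response(200, entry.headers, entry.body)
        if resp.status == 200 and self.storable(request, resp):
            self.store[key] = resp
            self.log.append("stored")
        else:
            self.log.append("pass")            # forwarded; not stored or not reusable
        return resp


def scenario(cache_control):
    """bob (auditor), alice (not an auditor), anonymous, bob again, all through one
    shared cache for /api/users. Returns (statuses seen by callers, cache log)."""
    cache = SharedCache(lambda req: origin(req, cache_control))
    statuses = []
    for auth in ("Bearer bob", "Bearer alice", None, "Bearer bob"):
        headers = {"Authorization": auth} if auth else {}
        statuses.append(cache.get({"url": "/api/users", "headers": headers}).status)
    return statuses, cache.log


if __name__ == "__main__":
    for cc in ("public, max-age=0", "public, max-age=3600", "private, max-age=3600"):
        print(cc, "->", scenario(cc))
```

With `public, max-age=0` the cache stores bob's response, but every reuse is a conditional GET carrying the new caller's Authorization, so alice gets 403 and the anonymous caller 401 while bob's second request is answered from the stored body after a 304. With `public, max-age=3600` the entry is fresh and the cache serves the auditor-only list to alice and to the anonymous caller without asking the origin, which is the leak the answer's choice of max-age=0 avoids. Without `public` (the default treatment of an authenticated response) nothing is stored and the origin is hit every time.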