Hi,
We are faced with a question about tenant-specific user accounts for capture agents in Opencast. Specifically, I am wondering which roles such a user would need, since I cannot seem to find a hint in the docs. We have a multi-installation & multi-tenant environment and would like to keep CA credentials separated by tenants, so using the installation-wide `opencast_system_account` is not really an option for us.
According to the developer docs (
https://docs.opencast.org/r/11.x/developer/#modules/capture-agent/capture-agent/#authentication), a CA user can be created using the web interface or configuration files. In our case we would prefer giving our tenant admins the option to create CA users themselves as needed, instead of having to come to us asking for a configuration change on the server. From my understanding, such a user could then be used for authentication from an Opencast compatible CA (e.g. Extron SMP, pyCA, Galicaster, etc.)
Creating a user via the admin UI is fairly straightforward, but for the authorization part one would need to add appropriate roles (or we would create a group role with all required permissions). Understandably, a plain user without any roles (besides the basic default set) does not get access to the relevant endpoints.
Could anyone point me in the right direction as to which roles are necessary for a fully working CA user?
Thanks
Maxime