We're trying to use Conductor API calls conference.enumerate and participant.enumerate to, well, enumerate conferences and participants
However, the only way we can get these calls to work is to use an authenticationUser account with RW access. If we use a RO account, it returns 'authorization failed'.
The API Guide talks of using an authenticationUser account " ... with sufficient privilege for the operation being performed". I've searched high and low but can't find any documents anywhere that specify what privs are required for what API operations. All I can find is the following general guidance in the Adminstrator Guide:
"The access level of the administrator account:
- Read-write: allows all configuration information to be viewed and changed. This provides the same rights as the default admin account.
- Read-only: allows status and configuration information to be viewed only and not changed. Some pages, such as the Upgrade page, are blocked to read-only accounts."
I read that as, if you only want to 'look and not touch', then RO access ought to be sufficient. However, this doesn't appear to be the case in practice.
Am I missing something obvious here?
I can see how the documentation is misleading here. Unfortunately the 'read-only/read-write' applies only to web based access and not to the API. API access must be given with full permissions as there is no distinction made internally to the Conductor as to which commands are modifying state and which are only reading it.
I would recommend raising a feature request via your sales channel if you wish for this to be implemented.