Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

User with less privileges than admin that can create API clients and handle uploaded files?

Rolf Sigurd LøvlandRolf Sigurd Løvland Tyro
in API

An admin user in Panopto can create API clients, and we are using a Server-side Web Application in Panopto to upload recordings from our self service studios.
Ideally the user that we use to log in our self service studios with should be a user with just the necessary privileges, like:
- searchUsers
- Get-personalfolder
- CreateFolderAndSetPerms
- PushUpload
- GetUploadStatus
- UpdateSessionOwner
but it looks like all of this is only possible as an admin.

This user does not need any delete content privileges either.

Are there any way to create a user with just these specific privileges, and not an admin user?
From our testing and the documentation it looks like only an admin user can do all of these things.

If not we would like to file this as a request.

From a security point of view this user should ideally have less privileges than admin.

Tagged:

Best Answers

  • Dan Gioia Panopto AdminDan Gioia Panopto Admin Tyro
    Answer ✓

    If I am recalling the permissions correctly, I think the stumbling block is the personal folder. Have you considered setting up a separate folder structure for your self service studio recordings?

  • Aishwarya HarpaleAishwarya Harpale Tyro
    Answer ✓

    Hello Rolf,

    For the specific set of operations that you want to perform using one single user, the admin role is the only role that would allow all these operations. If you want more granular control over these operations, you may create users with specific sets of roles and permit only a set of operations to those users. For that you may refer to the operation you want to perform and the permission needed for that operation and then create a user with that role.

    Ideally speaking, the searchUsers operation would not be permitted for a role lesser than an admin. You may file a feature request for this. In the mean time, this is one way to achieve your goal.

Sign In or Register to comment.