Read-only API access?

[kitzy]

Server (please complete the following information):

• Snipe-IT Version v4.6.3 - build 3876 (master)
• OS: Ubuntu 16.04
• Web Server: Apache
• PHP Version 7.0.32-0ubuntu0.16.04.1

Is your feature request related to a problem? Please describe.
I'd like to create a user with read-only API access. As best as I can tell, the only way to get API access is to grant the Global: Super User permission, which gives the user full write and delete privileges as well. This is not ideal.

Describe the solution you'd like
I'd like to be able to give a user read-only permissions and access the API.

Additional context
I get a 403 error whenever attempting to use the API without Super User permissions.

[snipe]

@kitzy The API user adopts whatever permissions the user has. You can create a user, grant them only read access and API key access and then generate an API key for them.

[snipe]

Hi there - We haven't heard back in a bit, so I'm going to close this ticket for now, but will re-open it if you're still having issues.

[kitzy]

@snipe unfortunately that doesn't seem to work for us. I've attached a screenshot of the permissions of the group the API user is in. The user's permissions are set to inherit. If I switch that group over to Super Admin, the user can then make API calls, but this is not desirable. I'm sure I'm just missing something somewhere, but I don't know what.