I would like to submit a feature in the permissions of the rest API.
In our environment we have an Infra team who are responsible for the backup servers and they configure the jobs and we have Teams dedicated to serving customers. As each customer team has their own monitoring server they would like to use the Rest API to get the latest job status and failed jobs and stuff.
At the moment this information is only available with a user within Veeam that has full Admin permissions. If I give the teams a user account with admin permissions they can potentially remove jobs for other teams or restore VM's from other teams.
Some of our customers have sensitive data that the team serving them is only allowed to access, if someone from another team can change his permissions via the api they can access this data which will cause ISO certification issues.
It is however not a problem for them to see if jobs of other teams are successfull or fail so a "Read-only" permission would be more then sufficient.