Where can I find what permissions are required to use API Gateway?
For example what permissions do I need to call /rest/v1/cameraGroups?
That endpoint works with permission “Management Server > Read”, however docs for that permission says that “This permission is a highly privileged administrative permission that gives significant access rights to the XProtect VMS, including access to sensitive data such as credentials configured in the system.”
Is there a less privileged permission that will allow to call /rest/v1/cameraGroups?
The question, where it pertains to camera groups, has been asked not too long ago, and the situation for the released versions of XProtect is described..
https://developer.milestonesys.com/s/question/0D53X0000DMO0f2SQD/permissions-needed-to-call-apirestv1cameragroups
Some time has passed since then and I have good news to share.
Starting in 2024R1 the functionality has been changed. When you ask for camera groups an evaluation will take place server side, you will get the camera groups that contains cameras for which you have permissions (read permission on the camera). It follows that you will not get camera groups that contains no cameras for which you have permissions. By giving the role permissions to cameras you control which cameras can be seen but also which camera groups.
On a general note the rule should be that if you have permission the Rest API / API Gateway you will get the object you are querying for. If you run into an example where this does not seem to be the case, like camera groups, I think you should make a post here in the Developer Forum, and we can investigate into the details.