You can create separate Permission Groups for API users so that your scripts and keys can have different permission levels just like your People.
Accessing the API user page
Go to your Admin Menu and select Permissions - Scripts.
Refer to the Permissions page for usage.
How to use API user permission groups
Once you have created API permissions groups beyond the initial API Admin, you can use them for your API scripts.
- From the Admin menu, select "Scripts."
- Display the Permission Group column and select the appropriate Permission Group.
So why would you use this? There are many potential uses, but here are a couple to get you thinking:
Example 1: You want to give an API key to someone in your studio who should not have full Admin privileges.
Example 2: You want to give a read-only API key to a partner studio to perform a one-way sync from your Shotgun database to their Shotgun Database, and only expose a limited entity set.
Example 3: You want to restrict API scripts per project.
- Navigate to your Permissions - Scripts page via the Admin menu and create a new role. Make sure the "See Assigned Projects Only" advanced permission is enabled. You can also tweak any other permissions needed (e.g. if you only wanted them to have Read access on certain entities/fields).
- Navigate to the Scripts page via the Admin menu. Expose the "Projects" field. Here you can enter in Projects to restrict the script's scope to.
- Make sure to assign that script permission to the new one created in step 1, via the "Permission Group" field.