When assigning a custom role through New member defaults, we would like the custom role to be able to have the privileges for “Generate API keys” (portal:user:generateApiTokens) and “Assign privileges to OAuth 2.0 applications” (portal:user:assignPrivilegesToApps).
These are not admin privileges, which has been cited as the reason other privileges, like the ability to create Shared Update groups or link to SAML groups, are not compatible with New member defaults.
This would enable our users to manage their own apps’ authentication and privileges.
Our current workaround is to have a schedule task that checks for new users. When it finds a new user that was assigned a custom role without those privileges by New member defaults, it then changes their role to a custom role that includes that privilege (and other privileges that are not compatible with New member defaults.)
(This is related to Make ‘create group with update capabilities’ a non-admin privilege.)
