Now that we're all forced to create users, I would like to create individual "user" accounts for all the applications I use that connect to Octoprint. First up: PrusaSlicer.
So two questions:
What is the minimum user permissions I need for PrusaSlicer to work correctly? As far as I can tell, I need permissions to upload files and to start printing, but I don't know what PrusaSlicer does in the background.
If it's not already possible, can we have a feature where a user account can only be accessed via the API key, and cannot actually be logged into? This would eliminate the need to specify a password, because there's no way to log into the account with that userid.
Would a better option be to create 'Application keys' for each of these things? They would then have the same permissions, but you can at least tell (I think) what is messing around, or revoke access to just one app.
In answer to your 1st question specifically, I would say whatever permissions you think it needs, are correct - and if you get a HTTP 403 (forbidden) error, then it needs a different one. In my view it shouldn't be doing anything else in the background you don't know of, so you're probably safe with 'File upload', 'File Select' and 'Print' permissions, or the 'operator' permission.
As for the 2nd question, that's where I think application keys comes in to it, which is pretty much what you want. Rather than creating extra user accounts, a better feature IMO would be to scope your AppKeys, if you still wanted to restrict different permissions.
Can I specify permissions on an API key? I was under the impression that permissions apply only to a user account, and the API keys are associated with the user and inherit its permissions.
Your understanding is correct, that is a badly worded way from me of redirecting your feature request to something more sensible/manageable - creating new users with no passwords seems like a workaround, rather than implementing the proper feature that would be scoped API keys in my opinion. Which would be a fairly large thing, but not beyond the scope of OctoPrint 2.0.0 IMO.
It'll get forgotten on the forums unless it is done today, which it is not so if you really want to see this, open a feature request.