Creating a User and Group with Access to Opsi-Configed for Helpdesk Tasks

[thinkabout]

1. To create the group opsireadonlys with a specific GID (998), run the following command:
groupadd -g 998 opsireadonlys

2. Create the user testuser and add to the group

useradd -m -s /bin/nologin testuser
sudo passwd testuser
usermod -aG opsireadonlys testuser

3. Granting Access to opsi-configed (Help wanted on this point)
Ensure the user testuser has access to opsi-configed to perform helpdesk tasks and manage client software (installation and removal).

Update:

I edited the /etc/opsi/opsi.conf file and added opsireadonlys to the readonly="" entry.

However, when I try to connect, I encounter the following pop-up message:

"Check for activation issues."
Error: Permission.modules.clientcount.warning

Additionally, the log file shows the following errors:

2025-03-10 11:15:11.772 Opsi service error: OpsiServicePermissionError Opsi service permission error: No permission for method 'product_getObjects'
2025-03-10 11:15:11.792 Opsi service error: OpsiServicePermissionError Opsi service permission error: No permission for method 'productOnDepot_getObjects'
2025-03-10 11:15:11.813 Opsi service error: OpsiServicePermissionError Opsi service permission error: No permission for method 'productProperty_getObjects'
2025-03-10 11:15:11.834 Opsi service error: OpsiServicePermissionError Opsi service permission error: No permission for method 'productDependency_getObjects'
2025-03-10 11:15:12.033 Opsi service error: OpsiServicePermissionError Opsi service permission error: No permission for method 'config_updateObjects'
2025-03-10 11:15:12.071 An unexpected error occurred. Cannot invoke "java.util.List.iterator()" because the return value of "de.uib.opsidatamodel.serverdata.dataservice.ConfigDataService.getOpsiclientdExtraEvents()" is null
Please check the log file.


Do I need a license to use the "readonly" functionality, or is there something else I need to configure?