Service accounts
This adds the concept of "service accounts" to castellum. Those are just regular user accounts with few key differences:
- they can be controlled by other users
- their effective permissions are the intersection of their own permissions and those of the controller
- this also means that their effective privacy level is the minimum of their own privacy level and that of the controller
- the single exception is
access_study
: service accounts can access all studies that the controller can access - if a service account is currently not controlled, it does not have any permissions
- the controller is mentioned in monitoring logs
- they cannot be added as study members
The idea is to use these accounts for API access. By linking it to a regular user, we still have full accountability.
By combining this with !1986 (merged) it is possible to create general domains that can be accessed by a service account but not by regular users (assuming we do not use the same intersection we use for permissions).