Scope of can_configure permission in CHT

I am trying to create a non-admin user with the can_configure permission to push configuration thru cht-conf. I’ve found that this user can push app-settings but when it comes to other config e.g translations, forms, it fails with error 401 unauthorized.
I was hoping that the can_configure permission would allow a user to do this.

To help me work out what’s going on here it would be useful to know exactly which request is failing, for example, uploading translations makes several requests to complete the action. Could you provide the full output of running the command, including the successful steps and the stacktrace?

Also, does the user have any other permissions, or is it just can_configure and nothing else?

I think the edits to translations and forms is blocked by validate_doc_update:

Only couchdb admins can edit these types of docs.

To avoid this, I think API endpoints should be used for each of these actions, instead of accessing CouchDb directly with the user provided to cht-conf.

1 Like