How do we create a user that only has read only privileges to OpenAPI?

All supported DX NetOps Performance Management releases

OpenAPI by its very nature is read only.  We do not support create/delete/update operation using open API.  Any user that has access to the NetOps Portal has read only access using OpenAPI interface.  This includes the admin user.  OpenAPI does not support user roles, but it does support what a user can see.  For example, if a user has permission to see certain objects in the NetOps Portal, that is all he will see in OpenAPI.  Basically, the user will see all children of the groups he has access to.