@require_admin too restrictive for some TM1py functions #1001

Closed
adscheevel opened this issue Dec 1, 2023 · 1 comment

@adscheevel
Collaborator

Some TM1py functions like get_message_log_entries have the @require_admin wrapper, but the REST call made by the function only requires OperationsAdmin level on the server. I think we should add an is_operations_admin connection property similar to is_admin and modify any functions that only require OperationsAdmin to test that property instead. It's possible there are functions that would be accessible to a DataAdmin as well, but I don't have an example right now.

Taking this a step further, many security functions only require SecurityAdmin within TM1. Perhaps we need an is_security_admin property as well that would be True when the client is either a full admin or is in the SecurityAdmin group. I can imagine integration options with access request systems where I give them a Python script to execute to make client/group changes and I'd only want that client to be a SecurityAdmin instead of full admin.

I propose 3 new connection properties to complement is_admin: is_operations_admin, is_data_admin, is_security_admin. A full admin would have True for all 4 properties for TM1py purposes, regardless of whether they're in the groups on the TM1 server. The SecurityAdmin and DataAdmin groups don't play nice together anyway.

I'll hopefully start some work on this in the next couple weeks.

@adscheevel
Collaborator Author

adscheevel commented Jan 9, 2024

Here's a list of TM1py functions currently with the @require_admin decorator and what level of admin access is required by the server to complete the action.

| file | function | admin required |
| --- | --- | --- |
| server | get_message_log_entries | ops |
| server | write_to_message_log | data |
| server | get_transaction_log_entries | data |
| server | get_audit_log_entries | data |
| server | get_last_process_message_from_messagelog | ops |
| server | get_static_configuration | ops |
| server | get_active_configuration | ops |
| server | update_static_configuration | ops |
| server | save_data | data |
| server | delete_persistent_feeders | data |
| server | start_performance_monitor | ops |
| server | stop_performance_monitor | ops |
| server | activate_audit_log | ops |
| server | deactivate_audit_log | ops |
| monitoring | disconnect_all_users | admin |
| monitoring | close_all_sessions | admin |
| security | create_user | security |
| security | create_group | security |
| security | update_user | security |
| security | delete_user | security |
| security | delete_group | security |
| security | add_user_to_groups | security |
| security | remove_user_from_group | security |
| security | security_refresh | admin |
| cube | delete | data |
| cube | update_storage_dimension_order | data |
| cube | load | data |
| cube | unload | data |
| cube | cube_save_data | data |
| element | _element_is_ancestor_ti | data |
| process | execute_ti_code | data |
| process | evaluate_boolean_ti_expression | data |
| process | evaluate_ti_expression | data |
| cell | clear | data,ops |
| cell | clear_with_mdx | data,ops |
| cell | write_through_unbound_process | data,ops |
| cell | write_through_blob | data,ops |
| cell | _execute_view_csv_use_blob | data,ops |
| cell | _execute_mdx_csv_use_blob | data,ops |
| hierarchy | update_or_create_hierarchy_from_dataframe | data,ops |
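
A sketch of the per-role check proposed in this issue, added here as an illustration and not taken from the issue or from TM1py's code. `Connection`, `Service` and the `require` decorator factory are hypothetical stand-ins, the group name `ADMIN` for a full admin is an assumption, and the combined `data,ops` rows are left out.

```python
import functools

# Assumed name of the full-admin group; the other group names come from the issue.
FULL_ADMIN = "ADMIN"


class Connection:
    """Hypothetical stand-in for a TM1py connection; holds the user's groups."""

    def __init__(self, groups):
        self._groups = {g.replace(" ", "").lower() for g in groups}

    def _has(self, group):
        # A full admin counts as every role, whether or not it is in that group.
        return bool(self._groups & {FULL_ADMIN.lower(), group.lower()})

    is_admin = property(lambda self: self._has(FULL_ADMIN))
    is_operations_admin = property(lambda self: self._has("OperationsAdmin"))
    is_data_admin = property(lambda self: self._has("DataAdmin"))
    is_security_admin = property(lambda self: self._has("SecurityAdmin"))


def require(prop):
    """Decorator factory: fail before any REST call unless conn.<prop> is True."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(self, *args, **kwargs):
            if not getattr(self.conn, prop):
                raise PermissionError(f"{func.__name__} requires {prop}")
            return func(self, *args, **kwargs)
        return wrapper
    return decorator


class Service:
    """Hypothetical service; methods return a marker instead of calling the server."""

    def __init__(self, conn):
        self.conn = conn

    @require("is_operations_admin")
    def get_message_log_entries(self):
        return "message log"

    @require("is_security_admin")
    def create_user(self, name):
        return f"created {name}"

    @require("is_admin")
    def security_refresh(self):
        return "refreshed"
```

The client-side check only produces an earlier, clearer error; the TM1 server's own authorization remains the enforcement point.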
