A role in between user and operator for workshops and similar #6377
Description
Hello openQA!
We want to do an openQA workshop at the openSUSE conference and one of the little dealbreakers was that users who are not operators can't run openqa-clone-job. Which is crucial for development of test suites.
However, giving people "temporary" access to the operator on our openqa.opensuse.org instance would also mean that they can change machines, and test suites, and that can be damaging especially if all the info is not in git e.g. test suite definitions, machines.
Having an temporarily created elevated user who can call openqa-clone-job but is not able to alter machines/test suites would be much safer. This year, we'll simply allow workshop participants to use only apikey to our dummy user, however, we'd like to have this addressed in the future. Plan is to create such one-off elevated user before workshop and drop user after the workshop, so there would be no "security hole".
This user would also be a nice transition for somebody who wants to start contributing but is afraid to break something.
Alternatively, we could work on a private instance, but that's already a big wall to climb for a beginner.
The end goal is that we'd like to have more new operators coming from the community etc, but we do not want to put our instance in danger in workshop events. Only "trusted" users would get operator rights or above.
Also, any other ideas are highly welcome.
Thank you