Quoting Jasper over on a similar idea:
Every application that interacts with the Thinkwise API does so in the context of a (physical or system) user, so this statement is not correct. In addition, we strongly recommend to always limit the access rights for all types of users as much as possible (principle of least privilege).
Having the client application have fewer rights to an application will reduce the size of the OpenAPI document. Is there a particular reason why the client application has many granted rights?
Uh yeah, when you build your own custom frontend on top of Thinkwise that is used by power users... It's not just client applications, it's custom front-ends, it's extended integrations using preview components that inherit user profiles... power users can have a very big set of rights. And also in these scenarios it can be handy to load the API definition in Postman, Insomnia, etc. So yeah, the rights are correct, but you only need a special subset to develop a custom page or something.
The following idea has been merged into this idea:
All the votes have been transferred into this idea.
This idea has been implemented in the latest release.