we have security guidelines that requires us to set BIOS passwords and ensure booting from CDROM and USB is disabled. We can verify those settings using redfish (we do not need to see the actual password, we jsut need to see that a password is set). Unfortunately this seems to require Operator privileges which we definitely do not want to use here.
So my feature request is to add a Role that may READ but not MODIFY BIOS settings.
Or is there already a way to read-only access the settings and we are just missing it?
If you search for '"Entity": "Bios"', GET and PATCH are assigned "Login" (which is a privilege ReadOnly has), and other methods like PATCH require the "ConfigureComponents" privilege (which is a privilege Operator has, but not ReadOnly).