Web application is unusable by users with very limited permissions

[nomis]

If a user with very limited permissions tries to use the web interface in Firefox, all of the HTTP 400 errors cause the username and password to be forgotten and Firefox prompts for them again. This happens repeatedly.

The web interface needs to only make access requests that the user has permission for. If it's not possible to determine what permissions the user has then each section should only request data when it is selected.

[nomis]

Some notes on user configuration:

• It appears to be impossible to modify a user without also setting the password? DigestPassword is supposed to be optional but if it's omitted a 2054 (invalid password) response is returned
• If you create a user with audit log realm then the administrator loses audit log access and the ability to manage that user until they reconfigure themselves to not have this
  • I suspect that if you do this with an invalid digest password you need to re-provision AMT to fix it
  • There is no way to fix this with the web interface because non-admin users are assumed to not be able to modify any users

[nomis]

The minimum set of realms to login without an HTTP 400 error appears to be 6 (Storage) and 13 (General Information).

This is ok but I was hoping to reduce the amount of requests that are made.

It looks like the user can query their own realms with this access so it could be used to hide things that aren't relevant?