API for admin to query materialized permissions
Requested by user:
They would like to synchronize permissions set in Arvados to another system. This system does not support OpenID, users will log in with LDAP and they can do a mapping between username and arvados uuid. However it is not convenient to generate and use Arvados tokens or do permission lookups on the fly.
Proposed solution is to have an admin API where the client can send a list of users and/or projects and get back the permissions associated with each user and/or project. This would make it possible to write a periodic synchronization task that gets the current permissions from Arvados for the set of users/projects of interest and applies them to the 3rd party system.