From my other post:
https://community.canvaslms.com/t5/Canvas-Question-Forum/Granting-Admin-Permissions-to-Third-Party-I...

I want to check to see if there is any other way for a third-party integration (Dev Key / LTI 1.3 / Access Token / custom JavaScript) to be able to retrieve the logged in user's role if that user has an account admin role?  Does the "Permissions - Manage" permission have to be granted if the tool is using an admin level Access Token to be able to read end user Admin roles?  The tool vendor says they need that permission since their tool has different functionality for Admin users.

As a Canvas Admin, I am not comfortable granting such a high level permission which would essentially allow modifying any of our roles or creating new ones and giving FULL COMPLETE ADMIN access.  Seems highly insecure and against security best practices.  I understand the vendor's need but without a separation of "View" versus "Manage" on Permissions then I may have to reject this tool unless there is some other programmatic way the vendor could read account admin role without needing that permission.

Thank you for any suggestions regarding this!