For some admins it may seem that he needs to grant the listed capabilities there to the assigned user so he can use the WebService but, that field, is merely informative and it does not have any real effect because the capabilities are check not in the global context but only in the context related to the WS params.
Apart from that, some capabilities not really required are listed there for some WebServices.
To summarise, we should:
- Review existing WS with that field set and remove the capabilities that are not really used withint a require_capability
- Reword the current services/token report so it does not reflect that those capabilities are mandatory at system level
Or, maybe, deprecate that field?
This issue was initially raised by David Mudrák (@mudrd8mz)