To be able to "act on behalf" and not to be forced to switch technology stacks( REST/SOAP), it would be great to have some kind of impersonation capability in the SDM REST webservices available, the same way as it is available in the SAOP webservices.
Currently it is not possible to switch the user context within the REST webservice.
and customers might need to go the route through SOAP services like described here.
The SOAP webservices do support impersonating, as well as a proxy user, as well as some kind of quotas, through SOAP Webservice policies.
The same approach for the REST webservices is in need, especially when you think about modern apps and interfaces, and it would harmonize the different capabailities of REST and SOAP.
While the REST webservice do support to generate bopsid's, these can only be generated for the actual rest context user. Maybe a first sufficient approach might be the ability to specify the user , for whom the bopsid will be created.
Of course this needs to be restricted to privileged users.