Hi, I tried to find that in the documentation but could not find the answer.
When an agent is "registering " itself to the server and sending the inventory and then metrics, It uses a username. By default hqadmin. The documentation says : Supply the username of an HQ user with sufficient permissions to create resources in HQ. The HQ administrator has such permissions
Of course, I don't want the Hqadmin password written somewhere in the agent, for security reasons. So I created a hqagent user and then created a role Agent. But I have tried multiple configuration and couldn't find the correct set of permission for this user and the newly installed agent would just not work.
I did a little research on your question, and this is what I learned (and will document accordingly):
A login from the HQ Agent to the HQ Server is only required during the initial configuration of the HQ Agent. The permissions required on the HQ Server for this initialization are Create for Platforms. One need not even give View permissions to the login used.
Please let me know if you have any more questions.