I have two different problems with permisssions.
I'd like to search users with email addresses with my Api-User but the function core_user_get_users_by_field only returns users with "Email display"-setting set to "Allow everyone to see my email address". I've given Api-User the permissions moodle/user:viewdetails, moodle/user:viewhiddendetails, moodle/user:viewalldetails but it doesn't seem to be enough.
What permissions do I need to search the full user database with an email?
My other problem is with enrolling users to courses. The enrol_manual_enrol_users function returns error "You don't have the permission to assign this role (5) to this user (13) in this course(6)." Role 5 is "Student", user 13 is a fresh user created by Api-User and course 6 is pre-existing course.
What permissions do I need to enrol anyone to any course with role Teacher, Non-editing teacher or Student?