Ideally this will be added https://bitbucket.org/xnejp03/serviio/issue/743/cds-api-access-groups-via-multiple-user
An alternative would be for the server to support an
The challenge is then to know which access group to request. Assuming the user of the device does not know the server password, then that can be used to verify the users ability to make changes.
When adding a server using automatic setup, read
:23423/rest/status and extract
<defaultAccessGroupId>1</defaultAccessGroupId> and use that to set the access group of the server. For manual setup, let the user choose, defaulting to 1.
If the user changes the access group from 2 to 1, then they must re-enter the server password.
http://developer.android.com/about/versions/android-4.3.html#RestrictedProfiles may also be useful.