Special access right
Can I define a user that has right to define permission for users and only read permission for accessing to scripts and templates?
can you describe this scenario a bit so we can evaluate the possible future implementation?
There are no special exceptions when dealing with permissions and particular entity types. Everything works generally in the same way at this moment.
jsreport authorization extension implements permission rules evaluation and delegation with single object granularity. Every user previously created by authentication extension is only authorized to manage objects created by himself by default. If the user wants to share an object with another user he needs to explicitly set this up in the permissions form. jsreport can currently distinguish only between read and edit permissions where edit permission represents all operations including permission delegation.
If you need changes to this logic right now, you can do fork of the extension responsible for evaluating authorizations