There is no big hope of getting an answer here as I can't remember how many previous my posts are still not answered. But just in case.
I have such configuration when an user has read-only access to some shared object.
I need to allow for the user to do some restricted actions with that object, for example to add new raw to a spreadsheet.
Directly it is not possible as the user does not have write permissions to the resource.
I'm going to implement SOAP document handler which would get request from any authenticated user and perform another SOAP request posting it with another user authority.
For example, unprivileged user sends a request which contains new sheet raw data ("Cell1 value", "Cell2 value" ... ).
Document handler code receives the request, gets the data, adds the data to resultant sheet and puts it to new SOAP request.
Then it authenticates with proper user authentication details (one which has write permissions to the resource) by doing "login" HTTP request, gets SESSION cookie from the response, and performs another "SaveDocument" request with the cookie.
Though this approach looks working probably it is not the best (easiest, proper).
Thanks in advance.