All users have Viewer permissions in the workspace, and viewer access to the report. The problem is that all of this does not work, and I receive the message below when I try the GenerateToken API :
{code: "InvalidRequest", message: "Only folder user with reshare permissions can generate embed token"}

If I give some user a higher privilege access, such as workspace member, it works. What does that mean? It is not possible to give only viewer permissions to embedded reports?  Our organisation doesnt like to use Member access as it allows the user to reshare.  

Is there a way of allowing the token to be generated using a account with the viewer permission?