We would like to request an additional optional argument to shotgun API initialization so that when using the sudo_as_login method, we can choose to retain the script user's permissions. So it might look like this:
sg = Shotgun(SGsite.SERVER_PATH, SGsite.SCRIPT_NAME, SGsite.SCRIPT_KEY, sudo_as_login="joe.public", retain_permissions=True)
In this situation everything works exactly the same as before retain_permissions was set to True, except that following api calls will be working under the permissions of the script user, rather than under those of "joe.public".
The motivation for this request is that in order to prevent users from putting in bad data, we would like to remove broad permissions from "joe.public". But this means that he also cannot enter good data on the shotgun webpage. So we would provide him with a script-based tool that will do proper data validation and then use the above api to make the changes on the shotgun back-end.
As a result, in shotgun, the history on the changes would show that "joe.public" has made the changes, and the event log would show that it was really done through the script user.