We'd like to be able to give granular permissions to allow an administrative user with read-only access to also be able to clear failed commands.
Often if there are failed commands in the pipeline it clogs up and anything run afterward fails.
Is there a way to give permission to clear fails without giving full write-access?
You're in luck...I just got asked to grant that very thing. Basically those untrained on Jamf Pro here get auditor rights and the ability to create searches by default, but I was recently asked to consider revising our privileges to allow certain folks to perform certain tasks. As such, I know what you seek to grant well from your post.
What you would do is to create a user (or group), give Full Access (as opposed to Site only) and choose the privilege set "Custom". Then you would go to the Privileges tab, click on Jamf Pro Server Objects, I granted Read permissions down the line other than to Jamf Pro Users and Groups, Then I went to Jamf Pro Server Actions and granted the following: "Flush MDM Commands", "Send Blank Pushes to Mobile Devices", "Send Inventory Requests to Mobile Devices", "Enable Lost Mode (this doesn't allow viewing the location", "Send Mobile Device Restart Device Command", and "Send Mobile Device Shut Down Command".
Make sure you test all at the end.