Forum Discussion

Josh_Jacques
7 years ago

More Granular Role Access

I'd like to assign roles down to the server AND datasource level.  As of right now I am only seeing an option to lock a role down to specific groups, but I'd like to have this opened up to where you could even select specific servers and specific datasources for those servers.

The specific use case is a consultant is helping out and I'd rather not give them access to everything in LogicMonitor, only the two servers they need to look at.  I realize there are probably "workarounds" to accomplish this, but it would be a pain to have to move servers to different groups each time we wanted to do something like this.

  • The entire RBAC mechanism is way too coarse.  I had a client ask yesterday why they can't disable alerts for a device group.  As far as I can see, that comes along with Manage, and I see no reason why this should be true -- I don't want them to have that level of control but it is all or none --  RBAC granularity improvements are sorely needed.

  • On 2/2/2018 at 6:28 AM, Josh Jacques said:

    I'd like to assign roles down to the server AND datasource level.  As of right now I am only seeing an option to lock a role down to specific groups, but I'd like to have this opened up to where you could even select specific servers and specific datasources for those servers.

    The specific use case is a consultant is helping out and I'd rather not give them access to everything in LogicMonitor, only the two servers they need to look at.  I realize there are probably "workarounds" to accomplish this, but it would be a pain to have to move servers to different groups each time we wanted to do something like this.

     

    We found this past week it is far worse than we originally thought.  Even within a portal for a single company, it is not possible to provide access to different teams by role to delete a device based on group membership, even though that group is marked for Manage within the user's role.  Delete is blocked if the device also exists in some other group they do not have Manage on, but this is very common as devices are placed in some groups for alert routing, location binding and so forth -- providing the same access to those is tantamount to full admin access.  When we brought this behavior to support we got the canned "it is supposed to work that way, not a bug" response I am so fond of.  As a result, we end up either having to make everyone admins or we have to handle those tasks for them.  IMO, this is a bug, not a desirable feature, but here we are...