Forum Discussion

mnagel's avatar
Icon for Professor rankProfessor
5 years ago

need distinct RBAC control for groups versus group members

We have concluded after some time that using groups to manage SDT for clients is the only real option (compared to repetitive manual effort by our clients) and realized we can grant manager access to "SDT groups" to allow clients to add/remove devices on their own.  Except.... this also means they could remove the group itself.  We need to be able to apply RBAC controls to group members only with the parent group protected from change or deletion.