Permissions for Datasource, Alert, and Escalation Chain Groups
As we move towards a DevOps model, we increasingly have a need for small teams to have full admin access to the tools they use to manage their IT services. When it comes to LogicMonitor, this has proven difficult with the existing role permission model. DevOps pods would like to be able to manage their own datasources, alerts, and escalation chains but this isn't possible unless we give them broad access rights to those areas, which could cause significant harm to other groups of monitoring users. For example, an inexperienced DevOps user could inadvertently modify a datasource that applies to all Windows devices or they could create an alert rule that causes alerts not to be delivered to other users. To solve this problem, I'd propose that LogicMonitor offer alert groups, escalation chain groups, along with the existing datasource groups. Then, LogicMonitor could provide the ability to restrict roles to manage these specific groups. DevOps pods could be given the ability to manage their own custom subset of datasources and set up their own alerts in a rule range after the main set of rules.5Views4likes1Comment
Create role for API only user
Problem I havea datasource that collects information from the LogicMonitor API. In order for this to work correctly I need a valid user on the LM platform with a valid API token. I can see two potential paths forward. Case 1 - Use my existing account as the datasource author with my API token. This has a big downside that if I have to leave the company for any number of reasons and my account gets disabled this datasource will stop working and is customer facing. This is probably not so good. Case 2 - Create a 'service account' inside LogicMonitor that can have its' own API token and if any one human needs to leave the company there really is not a big problem. The issue with this is that this user has a username and a password that can grant it access to the UI under all the permissions granted by the role but this account should/will never be used within the UI. This also generates a potential securityproblem because the password will most likely never be rotated because as long as the API user and token work this is simply going to sit there. Request Be able to create a new user type of 'API only' which will never have access to the UI and therefore you should not have to set any of the UI specific information for the account. This would remove the need for any of this information under that account: First/Last name/Email/Password/Force password change/2-factor/Phone/SMS/SMS Email format20Views1like3Comments
Allow Role Assignment to Nested Dashboards
I would like the option to assign view/manage role access to dashboards that exist within a dashboard group. We usewall mounted displays that cycle dashboards in a group for various clients using the slideshow feature. These displays are used by our support team so that they can keep an eye on clients at a high-level. We also want to provide a key contact at some of these client companies with view access to their respective dashboards. I see two ways to accomplish this currently: 1. We can clone the dashboard within the client dashboard group, then assign our client contactview access to the cloned dashboard. This allows us to keep the functionality of the dashboard group for our support team, but requires several duplicate dashboards. 2. We can skip the dashboard group and assign access for our support team and client contacts on a per-dashboard basis. This omits duplicate dashboards, but requires additional management of role permissions when creating new dashboards. Adding the ability to assign role permissions to nested dashboards would allow for simple access management for the support team, providing access to all dashboards within the "Clients" group, while also allowing one-off access to individual dashboards for client contacts without having to manage multiple dashboards per client. A simple toggle arrow (as is used in the Devices tree) could be implemented as a UI element to add this basic access management.3Views1like0CommentsExpand role view permissions to include SDT
I would like to propose that there be an additionalcolumn added to both theDevices and Servicesuser permission selectionto allow a user role to manage Scheduled Downtime. Our organization would like to allow application ownersto manage their own SDTs without giving saidgroup management rights to those devices or services inthe logic monitor console.4Views1like1Comment
