Non-Administrator Users Unable To Manage Resource Threshold
Hello, Can someone please help with a simple question. How can I enable a user to manage Alert Thresholds at the resource level without granting them the Administrator Role? We attempted to create a Role Group and selected the Manage option for a specific resource, but encountered a "Permission Denied" error. Additionally, we tried configuring the Role Group by going to Settings > Alert Settings and checking all the boxes, but still received a "Permission Denied" error when attempting to save the threshold. Getting error upon saving the threshold "Permission Denied". Any guidance on resolving this would be greatly appreciated. Thanks AshishSolved114Views1like6CommentsLogicMonitor Portal Security
These articles: https://techcrunch.com/2023/08/31/logicmonitor-customers-hit-by-hackers-because-of-default-passwords/?guccounter=1 https://www.bleepingcomputer.com/news/security/logicmonitor-customers-hacked-in-reported-ransomware-attacks/ ...indicate that some LogicMonitor accounts may have had weak default passwords applied and become compromised. Until we have an official word from LogicMonitor, may I suggest that all LogicMonitor administrators: Delete or suspend any users that should not be in your system Ensurethat no “out of the box” accounts are Active (including the lmsupport account) You should set this account to “Suspended” until we have word that this account is not affected Note that unless this account is Active, LogicMonitor Support cannot access your portal Enable2FA for ALL users I mean,you did that already, right? RIGHT? IMPORTANT: You need to do this for administrator users,even ifyou have SSO Ensure that any user that has not logged in recently (say for 60 days) is either deleted or set to Suspended IMPORTANT:Revoke administrator/manager rights from anyone that does not absolutely need them The recommendation is 2 users per LogicMonitor portal If you don’t recognise a user, seriously consider setting it to Suspended Be cautious of System Integration accounts - you may disrupt these if you are not careful If a system has access, ensure that this via an API user, not an Access Token on a named person. I will update this post with other suggestions as they are made.Solved1.2KViews20likes8Comments