User Role - More Ganularity

Is it possible to assign a role that enable the user to execute policies, but not allow them to add/delete/edit policies?

It would also be helpful to assign permissions based on Group membership or some other construct where devices belong to an organisational unit. - For example, delegating controls to a regional IT team, or to a team that supports end-user devices, but should not be able to manage servers.

4 Likes

Hey, Andrew - those are solid ideas. I’ve been going through our feature requests & didn’t see anything related, so I’ll pass this along to our Product/feedback team(s). You can also submit feature requests directly right here, if you prefer.

@Andrew_Read - after sending this over yesterday, I got this reply from our SE team: “…As far as bifurcating the environments, the customer could achieve this with the multi-org capability we have today: they would have the servers in one organization with the accompanying policies and users to manage them, and workstations their respective IT admins in the other organization and they will be mutually exclusive.” – so maybe that can help for part of this, but we’re working on it!

Thanks for looking into this. To avoid complexity, I’ll take a pass on bifurcating our environments.

I’ve submitted the feature request via the link provided now.

1 Like