cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Group-based permissions management

Vakho
Helper

Hi Folks, 
 How do you manage your group policy for the Departments? 
For instance, are you limiting the Database department to see only DB hosts with Statements and Queries? 
Let's share some thoughts about it. 

My manage access for DB team is next: 

 

Account permissions
View account


Environment permissions

View environment

View logs


Management zone permissions

No permissions

Policies

Account policies
Settings Reader

Storage All System Data Read

Storage Default Monitoring Read

Storage Entities Read

Storage Events Read

Storage Logs Read

Storage Metrics Read

Storage Spans Read


Environment policies

No policies

Am I missing something based on your experience? or should I consider anything else? 
Thanks. 

3 REPLIES 3

ChadTurner
DynaMight Legend
DynaMight Legend

We grant access based off the groups to ensure each team/group sees the data particular to their scope. For Example, EasyTravel Team gets to see everything in Management Zone Easy Travel

-Chad

michiel_otten
Mentor

In addition to this: you can use Management zones to allow people to read data and also get the right alerting.

 

Next to that  you can set up specific access rights to allow people to do certain tasks or change settings. 

I would suggest to be very specific whilst creating these extra policies.

If your DB team shouldn't see everything, make sure to only grant them permissions to a certain predefined management zone.

#Performance matter!

Vakho
Helper

Thank you @ChadTurner  and @michiel_otten 
I've played around with the policies and seems it has very flexible possibilities with the permissions. 
Still playing 😄 If I will came across something interesting I will share it with the community for sure. 

Featured Posts