18 Jul 2023 07:20 PM - last edited on 19 Jul 2023 07:59 AM by MaciejNeumann
Hi Folks,
How do you manage your group policy for the Departments?
For instance, are you limiting the Database department to see only DB hosts with Statements and Queries?
Let's share some thoughts about it.
My manage access for DB team is next:
Account permissions
View account
Environment permissions
View environment
View logs
Management zone permissions
No permissions
Policies
Account policies
Settings Reader
Storage All System Data Read
Storage Default Monitoring Read
Storage Entities Read
Storage Events Read
Storage Logs Read
Storage Metrics Read
Storage Spans Read
Environment policies
No policies
Am I missing something based on your experience? or should I consider anything else?
Thanks.
Solved! Go to Solution.
08 Aug 2023 04:50 PM
We grant access based off the groups to ensure each team/group sees the data particular to their scope. For Example, EasyTravel Team gets to see everything in Management Zone Easy Travel
09 Aug 2023 07:51 PM
In addition to this: you can use Management zones to allow people to read data and also get the right alerting.
Next to that you can set up specific access rights to allow people to do certain tasks or change settings.
I would suggest to be very specific whilst creating these extra policies.
If your DB team shouldn't see everything, make sure to only grant them permissions to a certain predefined management zone.
09 Aug 2023 07:54 PM
Thank you @ChadTurner and @michiel_otten
I've played around with the policies and seems it has very flexible possibilities with the permissions.
Still playing 😄 If I will came across something interesting I will share it with the community for sure.