cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Permissions to Modify settings for Specific Management Zones

shakib
Guide

I'm wondering how others have approached this. 

 

I want to make it so that some people can add automated tagging rules only to hosts on their management zones (as well as being able to modify host settings, etc.). 

The issue I'm running into is that if I allow the permission "Change monitoring settings" at the specific management zone for the user (inside Group management), it allows them to be able to go into host settings and modify those settings for hosts in their given management zone, but it does NOT allow them the ability to add automated tagging rules. 

 

So, I'm thinking of adding specific permissions into the policies which will get messy. If this is the right approach, I'm trying to create a policy that gives write access at the management zone level but I'm having issues with the syntax. 

For example:

ALLOW settings:objects:read, settings:objects:write, settings:schemas:read, settings:objects:read, environment:management-zone=;

1 REPLY 1

Malaik
DynaMight Champion
DynaMight Champion

Hi @shakib 

 

No way to give a partial admin to a specific users.

 

If needed you can open RFE for this and let the community make a vote.

 

Sharing Knowledge

Featured Posts