08 Nov 2022 03:06 PM - last edited on 09 Nov 2022 01:53 AM by MaciejNeumann
I'm wondering how others have approached this.
I want to make it so that some people can add automated tagging rules only to hosts on their management zones (as well as being able to modify host settings, etc.).
The issue I'm running into is that if I allow the permission "Change monitoring settings" at the specific management zone for the user (inside Group management), it allows them to be able to go into host settings and modify those settings for hosts in their given management zone, but it does NOT allow them the ability to add automated tagging rules.
So, I'm thinking of adding specific permissions into the policies which will get messy. If this is the right approach, I'm trying to create a policy that gives write access at the management zone level but I'm having issues with the syntax.
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read, settings:objects:read, environment:management-zone=;
Solved! Go to Solution.