Use RBAC to set permissions to scripted actions

It would be nice to be able to set various scripts to only be accessible to some people.  We have a number of customs scripts that we run, but can currently give all or none access.  For instance, it would be helpful to only give access to some groups to certain scripts.  Help Desk personnel can run scripts, 1, 3 and 11, but Desktop personnel can run 1,2,3,4,5 and 11.  

This would give the various levels of support the ability to remedy issues without having access to more than they should.

3

Comments (2 comments)

Avatar
DStephenson

Welcome to the community, William Lundie 🙂!

+1 for this idea.

I know there are similar ideas that revolve around this idea that may benefit from being implemented at the same time.

Permissions exclusions and more granularity – Nerdio Help Center (getnerdio.com)
Add Account Groups – Nerdio Help Center (getnerdio.com)

Maybe we can utilize GDAP permissions to give certain roles access only to the clients they have access to?

I know we can set approvals/notifications/blocks before engineers do certain destructive tasks, but having scripted actions work more like Access-Based Enumeration gives us the ability to be more granular in what we have our different tiers of technicians doing.

0
Avatar
Marcos Artiaga

Hi William Lundie. I agree this feature would be a good thing to have. Hopefully we will see it in a future release. In the meantime, I think using approval workflows might at least get you some of what you are looking for. Here's an example:

I create a task category called "Run scripted actions"

I then create an approval workflow to require my help desk agents to get approval from a higher-level admin when they execute the script

This does add some administrative overhead, but it would give you some control over techs ability to run scripts.

1

Please sign in to leave a comment.