Granular User Roles

It would be nice to see more granular user role access options, I would like to give some of our technicians access to drain hosts but not re-image/resize hosts. Currently those two are linked

0

Comments (7 comments)

Avatar
Dave Stephenson

Awesome idea, Rebecca Tier!

I've seen quite a few ideas around additional granular permissions, and I appreciate seeing your specific use-case.

Do you have any additional use-cases where additional granular permissions would help out your team with their day-to-day workflow from a least-privilege perspective?

1
Avatar
Rebecca Tier

Yes! I just ran into another one this morning. We have team members that need permissions to edit and add account level secure variables under Integrations, but no other settings in Integrations.

1
Avatar
Dave Stephenson

Hmm. That (sub-module permissions) could prove to be difficult to implement but could be really cool.
Perhaps we could split the "Integrations" into separate screens or possibly make it more plug and play where the Super Admin is able to create custom pages where they can choose what features/settings are available. 🤔
Sorry, I sometimes go down the "architect" route too soon in the process 🤓

Back to your request, out of curiosity, how granular are you wanting to go with the permissions?
Would you need to get to sub-sub-module permissions (i.e. access to create secure variables, but not override Inherited variable)?

0
Avatar
Marcos Artiaga

I agree with Dave, those are some great and interesting use cases. I would say in the meantime, have you started to use approval workflows to help put guardrails around some of those activities?

0
Avatar
Rebecca Tier

Dave, the custom pages might be a neat feature to allow admins to restrict what "users" can do for a client. 

 

Marcos, we have not but I am putting that on my to-do list today.

0
Avatar
Rebecca Tier

Something I just noticed is that I am not seeing workflow approval setting for the Integrations page. I see one for editing Azure/AD but not integrations :(

0
Avatar
Dave Stephenson

There is a bit of a disconnect between the options available in Workflows and Notifications.

Right now, there are significantly more options available in Notifications verses Workflows.
Until we're able to add more functionality, you may need to utilize the Notifications instead of the Workflows.
It's less guardrails, but it will still let you know when something changed so you can dig into it.

From what I saw (in my brief testing), we have every option available in the Integrations page as a Notification Task, but the same isn't true for Workflows.

(See GIFs below)

Notifications

 

Workflows

0

Please sign in to leave a comment.