Request: Less Privileged NMM Updates

Currently, NMM Updates say they require an Entra Global Administrator and an Azure Subscription owner in order to update from one revision to another. 

From a security stance, that really limits the number of team members able to perform these updates. Is there a collection of lesser-privileged Entra or Azure role assignments that can be used to perform the updates? Like Cloud App Administrator in Entra, or Owner at the resource group level, or even a custom Azure role that can be assigned to people who need to perform updates?

8

Comments (3 comments)

0
Carl Long
Thank you for your feature request—your input helps shape our roadmap.

Next steps:
     • We will review your request and update its status as it moves through the evaluation process.
     • If we need more details, we'll reach out in the comments.

We also welcome additional feedback and votes from the community.
1
John Tokash

I like the idea - it may be a bit challenging to implement on their side, but it gets my vote to at least explore and see what the level of effort would be. That said, as a workaround, have you considered leveraging PIM to grant the elevated access temporarily? It probably isn't the ‘right’ solution, because they still get unnecessary access to the partner tenant, that is, access beyond the scope of the upgrade. I've heard from other partners at NerdioCon that some have created a designated account for the updates, and access to the credentials (via an unrelated vault) is managed for ‘granting’ and ‘revoking’ that access as needed.

You are very right though; those are pretty high-ranking roles. In our case, they aren't frequent enough to warrant delegating the updates out to other team members, so the team that holds the access in the first place does the updates.
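As a worked example of the PIM workaround described in the comment above (an added example, not code from this thread, from Nerdio, or from any commenter), the script below self-activates an eligible Entra Global Administrator assignment and an eligible Owner assignment on the subscription for a bounded window, so nobody needs a standing assignment of either role just to run an NMM update. It assumes the operator already holds eligible (not active) PIM assignments for both roles, that the tenant's PIM policy permits self-activation for the requested duration, and that the Microsoft.Graph and Az PowerShell modules are installed; the tenant and subscription IDs and the justification text are placeholders.

```powershell
# Added example: time-boxed PIM activation of Global Administrator (Entra) and
# Owner (Azure subscription) instead of standing assignments.
# Assumptions: eligible PIM assignments already exist for the signed-in account;
# PIM policy allows self-activation for $Duration; IDs below are placeholders.
param(
    [string]$TenantId       = '00000000-0000-0000-0000-000000000000',  # placeholder
    [string]$SubscriptionId = '11111111-1111-1111-1111-111111111111',  # placeholder
    [string]$Justification  = 'NMM update to new revision (change ticket placeholder)',
    [string]$Duration       = 'PT4H'   # ISO 8601 duration; keep it to the upgrade window
)

# --- Entra: activate eligible Global Administrator via PIM -------------------
Connect-MgGraph -TenantId $TenantId -NoWelcome `
    -Scopes 'RoleAssignmentSchedule.ReadWrite.Directory','RoleEligibilitySchedule.Read.Directory'
$principalId = (Get-MgUser -UserId (Get-MgContext).Account).Id

# Resolve the role by name rather than hard-coding its template ID.
$gaRole = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"

# Check eligibility first: selfActivate fails if no eligible assignment exists.
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule `
    -Filter "principalId eq '$principalId' and roleDefinitionId eq '$($gaRole.Id)'"
if (-not $eligible) { throw 'No eligible Global Administrator assignment for this account.' }

$entraRequest = @{
    action           = 'selfActivate'
    principalId      = $principalId
    roleDefinitionId = $gaRole.Id
    directoryScopeId = '/'            # tenant-wide; Global Administrator has no narrower scope
    justification    = $Justification
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = $Duration }
    }
}
$entraResult = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $entraRequest
"Entra Global Administrator activation: $($entraResult.Status)"

# --- Azure: activate eligible Owner on the subscription via PIM ---------------
Connect-AzAccount -TenantId $TenantId -Subscription $SubscriptionId | Out-Null
$scope     = "/subscriptions/$SubscriptionId"
$ownerRole = Get-AzRoleDefinition -Name 'Owner'

$azResult = New-AzRoleAssignmentScheduleRequest `
    -Name ([guid]::NewGuid().Guid) `
    -Scope $scope `
    -PrincipalId $principalId `
    -RoleDefinitionId "$scope/providers/Microsoft.Authorization/roleDefinitions/$($ownerRole.Id)" `
    -RequestType 'SelfActivate' `
    -ScheduleInfoStartDateTime (Get-Date).ToUniversalTime() `
    -ExpirationType 'AfterDuration' `
    -ExpirationDuration $Duration `
    -Justification $Justification
"Azure Owner activation on $scope`: $($azResult.Status)"
```

Both requests land in the PIM audit log with the justification, and the assignments expire on their own after the duration, so there is nothing to revoke afterwards. Depending on the tenant's PIM policy the returned status may be "PendingApproval" or require an MFA prompt rather than "Provisioned"; the script does not wait for approval. This narrows the window of exposure but not the scope, which is the limitation the comment above points out.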

2
Martijn Van Braeckel
