We have an environment that is made up of many different departments. It would be awesome to be able to give specific users specific rights for specific groups. For example, it would be nice to allow the Database team to log into the LEM and see all of the logs for servers in the Database Server Group. As it stands, if we give a Database team member access to the LEM, they can see every log the LEM processes, which could potentially cause problems when absorbing logs from sensitive/PCI/personnel sources. I would not want a Financial person to be able to see/search the a director's internet traffic (pulled from the firewall) but would love to allow her to look at/search all of her server/client logs when troubleshooting issues.
