Is it possible to achieve data level security in SAM? For example, if I have multiple groups, is it possible to make one user only as an admin of a Group and its children and so on?
You can make it so a user only has access to groups using their account restrictions, but they will lose access and visibility into any other nodes. You do not have the option to, for example, say a user can see all nodes but only admin some of them.
See this part of the admin guide
Restrict user access to network areas by applying limitations
-Marc Netterfield
Loop1 Systems: SolarWinds Training and Professional Services
So, if I add a Limitation, say, a Single Group, will the user be able to see only that group and all its children, including the nodes in it, alerts on it and so on?
Also, it doesn't let me choose which Group?
For the most part yes, there are a few pieces of Orion that seem to be missing from group limitations such as Virtual Hosts and such if they are not being monitored as nodes, or storage objects from SRM, but overall the effect is to make it so you only see objects and child objects within the specified group.
I do want to mention that I heard from another engineer last week that they had to open a case regarding unexpected behaviors around using group based limitations and SW confirmed it was a known issue since NPM 12.01 that was supposed to be fixed in the 12.2 release. Personally I normally used custom properties for my account filters so I have not seen the issue myself so can't give more info. Here is some info on how to use the Account Limitation Builder tool on the server to add custom properties to the list of available account filters.
Create limitations based on custom properties
Thank you very much.
