I'm looking for the best way to allow a group of users unmanage applications in a scheduled fashion. We can also have them unmanage the node for the application but I dont want to let them edit the node as well.
Thanks - Andy
Have you tried granting those users the "SAM User Role" "Admin" permission, but not given them "Node Management" or Orion Administrator permissions?
That will work but I'd love to have the flexibility to allow them to unmanage but not allow them to edit the components.
Thank you!
Sounds like a good candidate for a Server & Application Monitor Feature Requests
Another approach that might work for this restricted-use scenario is to create a PowerShell script that has a context defined with Admin permissions using the Connect-Swis -UserName userName -Password password syntax, and takes the name of the Application as a parameter to unmanage the application. The PowerShell script can be configured with Execute-Only permissions -- this is somewhat tedious and complicated, so it may not be worth the effort. In short it involves placing the script in Task Scheduler with "Run As" permissions, and then granting the local (non-admin) user the ability to launch that task on-demand. The script, itself, is not readable to the local user, only to the "Run As" account specified in Task Scheduler, thus protecting the privileged credentials of the SAM account.
