We probably all know that the granularity of permissions to SolarWinds is not the best it could be - it seems it's an all or pretty much nothing (e.g. can't run reports without report management rights). But that's not what I'm discussing here, though it may also impact on that.
We have a new client we are onboarding, and part of the contract [sales teams ought to discuss aspects like this first, but that's another rant] is that the client gets access to SolarWinds. Only problem being that most of our other clients are also on our installation of SolarWinds, and we clearly don't want them to see that data. We have previously allowed internal teams to access client monitoring/data they are interested in by using dedicated AD groups and account limitations, but we've never let a client view their own data.
So question ...
How would you go about securing this - purely from a SolarWinds perspective? I say that because the actual "external" access is another concern that we will let the security boffins work out.
- they would need to only see their data
- this would be purely in a read-only format
- one aid is that we already segment clients using custom properties and
- each client goes into their own top level view
If it makes any difference, we are 99% sure that we will be using an APE - so, and here I'm purely thinking out loud, would a local account on the APE, along with account limitations work? Access would then be by issuing the APE IP as the URL to browse to.
And .... go.