Since role based access control is a massive request that will take lots of tooling to (someday?) deliver, I would like to request a feature that might be easier to deliver in the meantime.
Please add a feature that will allow delegates to be assigned to nodes or applications. I'm thinking of people who need read access to NPM, SAM, VMAN, and/or other modules--but who also need some degree of admin rights over specific nodes or applications.
A delegate would have their primary Orion permissions assigned at the account level. They would then have the following privileges on any object that they have been assigned as a delegate for:
- Mute and unmute alerts
- Acknowledge and add notes to alerts
These two sets of permissions would satisfy 90% of our need for RBAC in Orion. At this level, the following two would be gravy:
- Unmanage and remanage the object
- Admin rights over that object in Orion (full edit node/application)
We could get more specific, but I want to leave it at that, in hopes that even just the top two privs (mute/unmute and acknowledge alerts) might be feasible. As always, thanks!