Open for Voting

Assign Delegates for Nodes and Applications ("Baby RBAC")

Since role based access control is a massive request that will take lots of tooling to (someday?) deliver, I would like to request a feature that might be easier to deliver in the meantime.

Please add a feature that will allow delegates to be assigned to nodes or applications. I'm thinking of people who need read access to NPM, SAM, VMAN, and/or other modules--but who also need some degree of admin rights over specific nodes or applications.

A delegate would have their primary Orion permissions assigned at the account level. They would then have the following privileges on any object that they have been assigned as a delegate for:

  • Mute and unmute alerts
  • Acknowledge and add notes to alerts

These two sets of permissions would satisfy 90% of our need for RBAC in Orion. At this level, the following two would be gravy:

  • Unmanage and remanage the object
  • Admin rights over that object in Orion (full edit node/application)

We could get more specific, but I want to leave it at that, in hopes that even just the top two privs (mute/unmute and acknowledge alerts) might be feasible. As always, thanks!