To make it simpler to manage my Orion environment, I add most users using AD Groups. This works great until you want to enhance rights for a single user in that group. Usually that is just a temporary change where I want to revert the user back once they finish the project they are working on that requires the additional permissions.
Example: This weekend we have major work taking place in our main Data Center. None of our Orion Admins are available to "Pause all alert actions" while that work is taking place. By default, I do not grant that right to anyone but our Orion Admins. I would like to temporarily grant that right to one of the Orion Users, currently in an AD Group, and then revert that user back to the AD Group permissions after the weekend.
The process, according to SolarWinds Support, would be to remove the User's entry from the database and then add them back as an AD User. After the work is complete, then the AD User account would be removed so that the User is again logging in under the AD Group.
This used to be a much easier process and, I would guess that, it is now more difficult because of enhanced security of the platform.
As an Orion Admin, there should be a built in way to temporarily, or even permanently, grant additional rights to a specific User in an AD Group while continuing to have that user assigned the other rights that come with the AD Group. I am thinking that on the "Windows Groups" tab, the Group would have a dropdown (similar to that of Orion Groups) that lists the Users that have logged in under that Group. Then have the ability to Edit that single User's Account to alter the rights. Maybe even have an expiration date to allow temporary User level rights to revert back to AD level Group rights at expiration.