Really you need to be an NPM full admin to have access to "Manage NCM Nodes"

Hi Guys,

We are running NPM 10.6 and NCM 7.2.1, and one of our engineers just pointed out to me that he cannot manage new nodes into NCM: on the "Config Summary" page, in the "NCM Nodes List", the "Manage NCM Nodes" option is missing. I checked, and the groups he belongs to have full access configured for NCM, "Administrator Unlimited access to NCM functionality"; this group also has the top-level "Allow Node Management Rights" set to yes. At present the only way I can get this option to show is to make him a full SolarWinds admin, when his role involves management of devices and not that of SolarWinds itself.

FYI I believe the same limitation applies to NTA with regards to the "Manage Sources" option as well

JonG

  • Hi,

    Yes, in the current version of NCM you have to be full Orion admin to use the Manage NCM Nodes page.

    Regards,

    Jiri

  • This is indeed the case... And a horrible, HORRIBLE change!!!

    SolarWinds:  Please revert this, and stop thinking that everyone should be an admin of the entire system with your merging of NPM and NCM - This is a terrible backtrack on security granularity and division of responsibility.  In small IT shops perhaps everyone is an admin of everything because they wear every hat, but in larger organizations there needs to be granular security.  Previously, I could have groups be full administrators of NCM but not NPM - This was ideal to allow them to manage their device configurations (NCM), without having to give them the full control over all the backend details & other aspects that exist solely in NPM.  e.g.  I don't need or want someone who needs to be able to fully manage a configuration, to also be able to add/modify/delete user accounts in NPM for instance.  These are not always the same people.

    Please advise if there is a work-around.

    Currently using NPM 10.6 and NCM 7.2.1

  • I agree.  In larger organizations, NPM would be controlled by System Admins or "Server people" and SQL Admins.  NCM would mostly be used fully by network personnel.  The "Network People" would not need full admin rights for the NPM application.  They should have NO control over other users.  System Admins should not be able to execute NCM commands either.  The same goes for SAM.  You shouldn't have to be an NPM admin to manage your server (i.e. SQL Admin).  All modules need to be separated as far as permissions are concerned.  It should never be assumed that roles are shared across modules.

  • I believe we're in agreement and have similar understanding on the concept & need of permission separation between modules, and I know we're not alone.

    While it may vary from company to company on who should be the primary Admins of Orion, under the current model where the "add-on" modules to NPM (SAM and NCM primarily) are becoming more-and-more integrated but the permissions granularity hasn't kept up, it's almost becoming increasingly necessary to consider running separate instances of Orion as a result.  e.g. An instance of NPM & NCM for the "network folk" and/or "security folk", NPM & SAM for the "server folk", etc.  - This of course is often cost prohibitive and more importantly, goes against having a unified view of the network holistically, with ease of "read" access to the various groups within IT while allowing the appropriate levels of management of applicable assets by those authorized groups without overstepping their individual span of control.

    Fortunately for this particular matter, I have received word from Support that there are plans to rectify this admin requirement between NPM / NCM - While it may not be available for a bit, hopefully it will come to fruition and resolve the matter (look to NCM 7.3 & whatever the corresponding NPM version may be, sometime this year).  Until then, it may be necessary to either elevate privileges to people in order to allow them to operate as before, or an existing Orion (NPM) Admin must take on that NCM work.