I dug around a little bit but was unable to really find an answer on this question. I'm trying to create some user accounts that can manage user accounts, but not have access to other features such as manage/unmanage objects. I see that the only way to manipulate user accounts is to allow the user to have Administrator Rights, however, is there a way to create a method to facilitate the problem I'm having? I would like to be able to give a set of users the ability to create user accounts, and set passwords.
New to the community - thanks for any input!
EDIT: This is in regards to NPM.
I don't think that's possible if you give a user the ability to create accounts then he can edit accounts which means he can edit his own account to give himself access to manage/unmanage nodes even if you create an AD group you would need to give the group admin rights to get into settings and manage accounts.
as a workaround for you (its our security model): use AD groups as a way of controlling your users and that way you can limit those "admins" to have rights to manage those security groups.
This is a great suggestion. I'll see if this will take care of the issue we're facing.
Ideally we want our customer service team to be able to facilitate customer facing logins without actually manipulating any other settings on the NPM platform.
Has the awesome plus that when the Auditor cometh I tell them that HR takes care of ensuring access rights are revoked on separation and they go pester them for artifacts
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.