cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Granular Node Management Rights.

Granular Node Management Rights.

There needs to be a simple way to assign users specific node management rights. For example, i have a group of users that i only want to be able to unmanage nodes, nothing more. There may be sophisticated ways of achieving this but it would be nice to have it built into the "Manage Accounts" section.

Thanks for considering this.

137 Comments
Level 15

We're starting to hear more and more requests for granular control of user rights. Before we can implement this, we need a full list of what rights are important to manage. The one mentioned in this idea is great, what else do y'all have?

A definite must...  Restriction of the ability to Delete Nodes.

Example... while a certain group of technicians needs to be allowed to add Nodes or change Node details, only a database administrator should be able to Delete Nodes.

Another granular limitation that I would like to see implemented is Poller assignment when a Node is created.  Our company has 4 Pollers and is looking to adopt a 5th and one problem that I see very frequently is that some of the techs will assign a new Node to an incorrect Poller.  Our Pollers are segregated by function within the network, and the 5th is scheduled to be an off site Poller to monitor a completely unique network from our own internal.

It would be nice to restrict what user accounts can assign devices to which Pollers in NPM.

Level 12

Okay, good thing this issue came up.

On granular user rights, specifically, I have a few needs..

Right now, I'd like to be able to give someone a view of a node, with specific interfaces they are able to see, and all messages directly related to *THOSE* interfaces.

That would mean filtering events, syslog, and traps, along with the "node details".

This is currently impossible in the current version.  I'd like to be able to assign also a set of views for users that belong to a certain class or 'group', for instance, I have primary views for internal customers (employees), vendors maybe, but external customers only get to see a very restricted subset of the information coming from any device(s) they have access to view.  In some cases, I might want to create a view collection for a class of user.  Right now it's very, very, manual, and there's things we can't do.  I can't show a node, unless I strip all the resources out of it, or there's leak.  Last I checked, full granular rights enforcement wasn't completely functional when it comes to things like Netflow, traps, and syslog, and interfaces is tricky, when there's a mix of nodes and interfaces, although it appears to work for whole nodes fairly decently.

For Tier 1, I want 0 write access to the application.  I don't even want them seeing the NCM tab.  For Tier 2, I'm looking for node provisioning capability (add node, specifically), but I don't want them to be able to delete anything, although allowing them to add/delete interfaces to a node would be useful, while not allowing them to delete a node, but allow add.

For customers, I want them to see their configs (NCM), Netflow, and any core device interfaces they may have, along with any CPE / ICMP monitors, but I don't want them to see NPM events that are not relevant to them (not for allowed resources).  Make sense?

I would like to see the ability for lower level users to be able to use the Manage Nodes page, but have no rights to edit existing Nodes.  The restricted rights tool "Search for Nodes" on the summary page is too slow and has too many options in the drop down menu due to a large number of Custom Properties.  The actual Manage Nodes page has a much faster response time and is overall easier to use.

I do not like having to limit users to using the "Search for Nodes" pane on the Summary page in order to prevent them from being able to edit Node information.

Thanks!

I would also like to see removal of the Unmanage Nodes function from the Manage Nodes page....  Ultimately, I think I'd like to see each of the functions available across the task bar OF the Manage Nodes screen to be assignable/deniable rights with a check box.

Level 14

All users should use the "Manage nodes" view for searching. This view has very user friendly search function. Also only admin users should change things (Delete, change poller etc.). Others just see. And some users (like technicians) can edit/add etc. but not delete.

Manage Nodes view are also good for the inventory tracking.

Level 9

We're Desperate for each for the node management functions to be enabled/disabled per account or group.

so 24/7 ops team can manage/unmanage as needed, and sysadmins can "edit node/volume" as fit.

also keen to restrict "delete node" function to just admins, as we've lost a few nodes in the past from misadventure!

This would go some way to reducing our cycle of empowering other tenants to be able to manage their own estate, before reigning in rights when they delete something they shouldn't have.

Level 8

This feature is very important to us,

because there are 500 solar users on my solarwinds System

These users frequently changing,

I would like to make this feature

Best regards

There are 27 upvotes for this topic and nothing from development indicating that it's being worked on.  In fact I see nothing on the feature requests section as being changed since 10.4.0 was released.  I do see a 10.4.1 available as a release candidate from the customer portal page, but the release notes only indicate that the update addresses specific bugs that have been submitted by customers.  Everything is listed by case number and has a relatively vague description of what it addresses.  Since the community does not have the ability to look at individual case numbers submitted, this is kind of useless to everyone as a whole.

Being that these items such as Granular Node Management Rights is such a critical issue for many enterprise customers, I would hope that SolarWinds would be taking them more seriously or working on them more aggressively.  I have a hard time justifying over 20K a year in just renewal fees for a product that constantly seems like it's in beta testing.  We need these issues addressed...  As the NPM manager, I find it frustrating to come across something that I personally audited 6 months ago and find that someone has deleted the node or its contents.  I want to eliminate the ability for anyone NOT an ADMIN from deleting or unmanaging Nodes all together.  I want my customer support team to be able to use the searching features from the Node Management page and not have the ability to edit or delete any information at all.

I think that the community has made it pretty clear that this item specifically NEEDS to be addressed sooner than later.  When is this item going to be flagged as "Being worked on" ???