I proposed to my security manager to give Client Systems Technicians access to SolarWinds in order to see a filtered view of log messages (Port security violations) of the switch clusters they have customers hanging off of. They do not have the required security clearance/certifications to view the confidential information that is held within SolarWinds. I tested it out and noticed that if you manually type in a view into the address bar you can get to any view you want to. Granted, it would be a limited view to the switch clusters in their respective areas, but I certainly don't want them to see the full syslog and search for commands typed into my switches. They don't need to know about my 802.1p/QoS I'm placing on their customer's ports ... They already complain about YouTube and Imgur not loading fast enough. I don't want them to know why.
Is there a way to lock down accounts to specific, non-modifiable views? Maybe have it throw up an error message when they try to navigate away from that page? I'm just a network tech and don't know servers, websites and such...
