Solved: Group-based permissions management

Vakho · ‎18 Jul 2023

Hi Folks,
How do you manage your group policy for the Departments?
For instance, are you limiting the Database department to see only DB hosts with Statements and Queries?
Let's share some thoughts about it.

My manage access for DB team is next:

Account permissions
View account

Environment permissions

View environment

View logs

Management zone permissions
No permissions

Policies

Account policies
Settings Reader

Storage All System Data Read

Storage Default Monitoring Read

Storage Entities Read

Storage Events Read

Storage Logs Read

Storage Metrics Read

Storage Spans Read

Environment policies
No policies

Am I missing something based on your experience? or should I consider anything else?
Thanks.

ChadTurner · ‎08 Aug 2023

We grant access based off the groups to ensure each team/group sees the data particular to their scope. For Example, EasyTravel Team gets to see everything in Management Zone Easy Travel

-Chad

michiel_otten · ‎09 Aug 2023

In addition to this: you can use Management zones to allow people to read data and also get the right alerting.

Next to that you can set up specific access rights to allow people to do certain tasks or change settings.

I would suggest to be very specific whilst creating these extra policies.

If your DB team shouldn't see everything, make sure to only grant them permissions to a certain predefined management zone.

#Performance matter!

Vakho · ‎09 Aug 2023

Thank you @ChadTurner and @michiel_otten
I've played around with the policies and seems it has very flexible possibilities with the permissions.
Still playing 😄 If I will came across something interesting I will share it with the community for sure.