Go to All Forums

Better User Grouping and Access Control

Was wondering if there is a way to add this to the roadmap...

Can we get User Groups and Alerting endpoints as distinct items?

Currently Usergroups are used for alerting endpoints but it not always true that everyone in a group needs or wants to get alerts.

Would be nice to have User-Groups be for segmenting users into roles (job functions) and have alert endpoints be specific to who should get alerting for specific monitors. For example, in our environment we have our Networking group but alerts should go to a mailing list not individual people. If we add our Networking people to the Networking group as well as the mailing list, they get double alerts.

As for access, would be nice to be able to assign roles with what can be done, so for example... we currently have SuperAdmins and Admins... We need to allow people to have admin access to Site24x7 so they can do things as admins but they can add new groups and all that stuff. Would be nice to have the option to create custom roles with specific allowances.   So like an Admin outside of the monitoring group would be able to admin all things pertaining to all checks but they would not be able to add new groups ... Maybe have a role that is between an Operator and an Admin...

Like (4) Reply
Replies (4)

Re: Better User Grouping and Access Control

Hello,

We're happy to inform you that we've now introduced monitor-group-level permissions for admin users.

With permissions at the monitor group level, you can provide admins with full permissions for a particular group of monitors. This allows the super admin to restrict access to resources created by others. This also helps in streamlining and controlling the monitor groups that each admin can access. 

An Admin with Group level access can edit/modify/delete the details related to profiles created by them, but will not have any permission to modify the profiles created by other admins. For instance, a user with admin user privileges and monitor group permissions can view and apply all profiles in Site24x7, such as the location, configuration, notification, email templates, and more, to monitors. However, they cannot edit or delete a profile created by other users. In a nutshell, group admins will have full permission only to the resources created by them. 

Thereby instead of a single member handling all responsibilities, each team member can take up the responsibility. Assigning an admin role with monitor-group-level access role can help in ensuring:
         

  • Efficient team level management

  • Confidentiality and security

  • More control over resources

Read our community post to know more about Admin with monitor-group-level access.

Like (0) Reply

Re: Re: Better User Grouping and Access Control

This is a step closer but still not efficient as it seems depend on grouping monitors then granting each user access to a certain group or groups of monitors.  What is ideal would be to have a new Global role between Admin and Operator that can do the same thing this new monitor-group-level permissions allows but at a global level rather than at a group level.

The reason for this in our case and I guess many other customers as well; is that we use the API to add monitors to Site24x7 during build time when we release new services that have a web presence and need a Site24x7 monitor but we only set grouping by type for the most part.  Most of the other groups were put in place back when we were using API calls to pull group information.

A question for this current setup, do we need to assign the user to a monitor group for this to work or not?

Like (0) Reply

Re: Re: Re: Better User Grouping and Access Control

Dear Framirez,
  To answer your question first...
>>>A question for this current setup, do we need to assign the user to a monitor group for this to work or not?
No, This is governed by the user side. In the user form, we need to set to which monitor group the user can have the "Admin" role.  
 
 
Not sure if we understood your case though...
 
In the current implementation, if you do not restrict an "Admin" user by assigning a "Monitor Group", the Admin does have access to all Monitors. Is this probably what you are looking for? :-) 
 
-Jasper
Site24x7 PM
Like (0) Reply

Re: Re: Re: Re: Better User Grouping and Access Control

SO what we need is what you have built out but on a global scale.  So we can have a roll between User and Admin that will only have Admin rights to monitors but will not require manual intervention should they change teams or are responsible for different monitors/monitor groups.

What you have implemented is a great move forward but it still depends on someone managing what users have access to instead of just having a new global role that is a set it and forget it.

Like (0) Reply

Was this post helpful?