We allow all users to create groups in USM which allows them to categorize their own servers however they need. This seems to be a global level setting though and also comes with the ability to delete and modify groups. We are also using USM groups to define which monitoring profiles are deployed through MCS, which we do not want anyone but admins to be able to modify.
Ideally we would only allow users to create/modify groups within a certain container. Admins would have the same access as today. Is there a way to separate these permissions?
Try disabling the following permissions for the non-admin user group in ACL
USM Monitoring Configuration ServiceUSM Edit Monitoring TemplatesUSM Edit Monitoring Station Groups
Their access to monitoring is already restricted, my concern is over GROUPS. If a user can delete a group, then the monitoring will also go away.
Can you provide bit more details about the use case you have.
Sent from my iPhone
Assumed answered? So I guess that means no it cannot be done and this needs to be another enhancement request.
I think you are asking for the same thing that I put into an idea a couple of days ago.
Do you want to have some users with MCS access to some groups but not all?
Check the ideas , if so, and vote up!