At present USM groups can be assigned to an account, and thus be visible by account contacts. However we would like some lower level groups in USM to be only visible to certain contact users within an account.
e.g. We have an account ACME
Users in ACME are
customer (ACL: ACME_customer)
operator (ACL: ACME_ops)
engineer (ACL: ACME_super)
We have groups in USM as follows
ACME (Account: ACME)
-- -- Payroll
-- -- SQL
-- -- Windows
-- -- UNIX
-- -- Windows
-- -- -- Default
-- -- -- SQL
-- -- -- Exchange
We want the following visibility
customer - Only Apps and lower level (e.g. Apps\SQL)
operator - as above + Devices tree
engineer - only Devices and Monitoring
To facilitate this, we would like to see USM groups have an additional field, containing a list of ACL's that the group is visible to, with a default entry of blank meaning all ACL's.
e.g.Group creation would have
Visibility could either be a freeform field, or a list picker dialog, with a standard left\right visibile\hidden list
This would also allow us to have a "publish" mode for USM groups - we could create groups with a very restricted ACL list, confirm the layout and queries are as expected, and then remove ACL's to make them available to all - at present the groups are visible immediately upon creation, which can confuse some users of the USM portlet.
An enhancement to this would be a new ACL item which ignored the new visibility criteria, so super users or administrators would always see USM groups regardless of the ACL values in the Visibility field.