si458
commented
3 weeks ago The is already an open issue/enhancement for this
(Will tag when I can find it)
It's not so simply adding a single device to multiple groups because of the way the code is in the backend and with the databases
MatinatorX
Is your feature request related to a problem? Please describe. Currently, the "sum" strategy of user consent permissions is not ideal for situations where certain users should not require consent and some should for devices within a specific device group. There is no good way to achieve this without affecting these users' permissions in other device groups as well. Using multiple groups can be a workaround in some situations, but this gets messy and unmanageable quite quickly. In our case, we have a large group of technicians, each with their own laptop, who want to support each other remotely. They would like no-consent remote access to their own laptops, but wish to enforce consent when accepting assistance from other technicians. As we have other device groups with different requirements (eg customer sites where consent is never required) I can't think of a good way to make this work in MeshCentral right now.
Describe the solution you'd like Ideally we would be able to set consent settings per user per device/device group (maybe a "custom consent policy" checkbox under user authorizations), but I understand overhauling the current permission system may be very difficult and complicate other things. While thinking on the issue, I realized a simpler solution (at least for our use case) might be to allow devices to exist in multiple device groups. This way, depending on the device group the device is being accessed from, different device group consent permissions could be applied.
Describe alternatives you've considered I've searched through open and closed issues looking for a solution and couldn't find one, but if I've missed something and a solution for this already exists, I would love to know!