kolide / fleet

A flexible control server for osquery fleets
https://kolide.com/fleet
MIT License
1.1k stars 261 forks

[Feature request] Fine-Grained Access Controls for Ad-Hoc queries #2077

Open chunyong-lin opened 5 years ago

chunyong-lin commented 5 years ago

Fleet server currently provisions only two roles within the web application: an administrator and a non-administrator. Both roles have permission to run Ad-Hoc queries against any endpoint.

In some cases, there will be different teams accessing the Fleet server and we would like to have more comprehensive authorization to allow certain user groups to query certain (groups of) endpoints.

benbasscom commented 5 years ago

This feature, as well as preventing some users from creating packs but allowing ad-hoc queries, would be very useful as well.

jalseth commented 5 years ago

Agreed. I'd take this a step further and add the ability to create custom user groups that can have X, Y and/or Z privileges inside of the Fleet UI and API. It would be even better if these user groups could be linked to attributes from SAML.