I want to create customized user roles where users can have write access to actionable alerts but only read access to everything else. Currently, the system only allows forming environment groups or granting full access to an environment, which poses a security risk. It would be beneficial to have more granular control over user permissions to enhance security and flexibility.

I'd like to be assign more granular permissions than the current permission groups allow.

I would eventually expect to be able to create custom permission groups and toggle roles or individual permissions on or off for those groups. Ideally I would be able to clone existing groups (similar to cloning actionable alerts or other things in Liongard) so that I'd have a base to start from instead of creating a group completely from scratch.

I would like a group that does not have permisison to see alerts. This group would be used by clients only and would provide access to information they would not have otherwise. Some of the alerts are noisy and we do not want them questioning them.

Liongard doesn't seem to have good user management, such as adding groups and departments, per Anthony. It's not efficient to add each user and then add them to a role, when roles are generally assigned to groups.

Allow for the creation of groups and/or departments for better user management.

The RBAC is not granular enough

Really need to split the Admin permission level into something like Account owner and an admin. The admin account has automatic access to all environments. I also should not be required to have admin access to set up actionable alerts. This really need a through walk through on what types for techs are in the systems, how we suggest it might be used in the future, and also what the features and roles would look like. Least priv and need to know access.

I'd like to be able to create custom roles for users. It's currently only admin permissions or read-only. It's important to follow the principle of least privilege.

I would expect a button that lets me pick and choose individual permissions to delegate specific functions.

The preset list of roles is extremely basic and inadequate. It jumps from Reader to either System Integrator or Manager, depending on how you look at the "jump" hierarchy. The problem is, Reader is too limiting for what we want to give most of our engineers and consultants, but Manager and System Integrator are more permissive/dangerous than we want to give, too. Manager can delete entire client environments they have access to, which we do NOT want to allow; System Integrator can see our internal IT environment which needs to be blocked from almost everybody. For a point of reference, I have attached a spreadsheet of all the role permissions available in the CrowdStrike antivirus platform. There are 579 unique permissions you can cherry-pick and build custom roles that you want from, which allows for outstanding granularity. I don't expect anywhere near that level of granularity in Liongard, but what exists now is very insufficient. There should be permissions we can build a custom role from for at least some basic major functions such as the ability to allow one group of users to create, edit, and run inspectors, but not delete them, for example; or being able to configure a custom group defining which inspectors they are allowed to create and edit, but NOT allowing some of the more advanced inspectors to be created or edited; for instance, we may not want more junior personnel to be trying to follow some of the more advanced inspector setups on sensitive network equipment, but we're fine with them setting up "easy" inspectors by comparison such as the Cloudflare one. The reality of the current Liongard permissions preset groups is that it's close to being all or nothing, and there's a vast middle ground we need some control over.

Allow custom roles with an RBAC structure and a variety of relevant granular permissions so we can tune access to major features for all our employees and client technician logins.

Why is the edit settings in the Reader role? Reader role implies to have only reader permissions.

We need to have the ability to setup custom roles for example add a mix of permissions between reader role and some admin permissions

Right now there are only the four permission groups that don't give much customization. It would be great to be able to create custom groups that allow people to edit and not delete. Also to be able to limit more what they areas they can access. Where as right now it seems like permissions are all or nothing where people can edit/create/delete items from the portal or only read them.