The preset list of roles is extremely basic and inadequate. It jumps from Reader to either System Integrator or Manager, depending on how you look at the "jump" hierarchy. The problem is, Reader is too limiting for what we want to give most of our engineers and consultants, but Manager and System Integrator are more permissive/dangerous than we want to give, too. Manager can delete entire client environments they have access to, which we do NOT want to allow; System Integrator can see our internal IT environment which needs to be blocked from almost everybody. For a point of reference, I have attached a spreadsheet of all the role permissions available in the CrowdStrike antivirus platform. There are 579 unique permissions you can cherry-pick and build custom roles that you want from, which allows for outstanding granularity. I don't expect anywhere near that level of granularity in Liongard, but what exists now is very insufficient. There should be permissions we can build a custom role from for at least some basic major functions such as the ability to allow one group of users to create, edit, and run inspectors, but not delete them, for example; or being able to configure a custom group defining which inspectors they are allowed to create and edit, but NOT allowing some of the more advanced inspectors to be created or edited; for instance, we may not want more junior personnel to be trying to follow some of the more advanced inspector setups on sensitive network equipment, but we're fine with them setting up "easy" inspectors by comparison such as the Cloudflare one. The reality of the current Liongard permissions preset groups is that it's close to being all or nothing, and there's a vast middle ground we need some control over.

Allow custom roles with an RBAC structure and a variety of relevant granular permissions so we can tune access to major features for all our employees and client technician logins.