There will be an influx of users to be added to our subscription who I want to have very limited access to really only view the assets which they are going to be responsible for patching. We'll have specific groups of people responsible for each major asset group: Windows based servers, NIX based servers, and infrastructure (e.g. routers/switches/load balancers/etc). I want to ensure the Windows people can only search/run reports (they will have reader access only) on WINDOWS assets, NIX people can only search/run reports on NIX assets, and so on. I already have tags associated with each of these groupings but considering I cant provide access to a new user based upon a tag (only by asset group), is a custom solution leveraging the API really the best way?
My thought on the custom app would be to pull down a host list from the API based upon the tags for each group and then update a specific asset group with the results from the 'tag report'. Run this on some periodic basis and Im constantly updating a specific asset group for purposes of limiting access to server support groups.
Anyone else come across a similar situation? Was there something you did that was helpful and maybe more simple?
Thanks in advance!