By default all folders (including Team) and dashboards get Administrators access, that I have not found as yet, can be removed.
we have a large number of users who can access SCOM but we definitely want to limit access to Dashboard
Can someone point me /direct to process to manage folders and dashboards without Administrative access and group access and ONLY Named users for more granular view.
I agree with you. It should be more granular. Dashboard is first but second thing is doesn’t allow access to servers view. Of course you can use group in SCOM and create specific permissions for specific group in Active Directory but you can use only max 1000 group in SCOM. More than 1000 can cause performance problems… So better option will be create RBAC system in SquaredUp. Who has access to what computer. etc…
I think maybe the problem is that you have too many admins. You should restrict the admin group to only those who will be doing core changes to the SCOM infrastructure (updates, MP install…). Advanced (Mon) Ops, Authors do have a lot of power as well. Most users should only be Operators and then you can scope their access within SCOM, as this is where the security in SquaredUp come from.
As for the 1000 groups limitation, I’m too small to get even near there so outside my knowledge, however there’s the option of “Connected Management Groups” which may help?
Thank you Pascal,
we have SquaredUp linked to multiple places and systems. So, different access rights are required by multiple users and systems, and not only administrators.