Restriction of Tool Execution is currently mainly based on CI Types. This means that a user can execute a tool on any CI that he sees. A view-only mode is not possible. In larger environments where operators need to be able to see certain CIs to evaluate the big picture but are only allowed to execute tools on a subset of these CIs, this can not be enforced with the current settings.
The goal is that users responsible for application A can use system tools like “reboot server” only on servers that are part of the Application A topology (view) and not run the same tool against servers that are part of application B – while still being able to see events from application B (have the view for app B assigned).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.