Hi,
I am setting up a Read Only group for developers to get access to a Production environment. As per security requirements; they should not be able to make any changes to any of the configuration - only read the configuration. I have managed to work out most of the _DENY_ permissions that are required to get this to work. The ones that I am struggling with are:
- Logs. Users should be able to view logs; but not enable/disable them. I can't seem to find the permission to make that happen. Seeing the authentication log; it seems opsclient permission gets checked; but DENY stops access the logs area completely.
- Codelists. Tricky one as developers should be able to reach the screen that lists all the codelists; but then not modify, or create new or delete any entries. The CLManager permission DENY would prevent access to the codelists completely.
So, any ideas on what the fine grained permissions need to be to support these requirements?
Regards,
Vivek