add the ability to have multiple users
It would be benefical to have an admin account that can allow config changes to be made and also a "guest" user which could review the data that was collected but not modifiy the settings.
Richard, thank you for your feedback.
For version 3.0 we have gone with 3 pre-defined user roles (Administrator, Standard user and Read-only). Each role has a single password which can be shared amongst users of the same level.
If you would like to take a look at an early implementation of this feature, we have just released our 2nd public EAP (early access program) which you can download here http://www.red-gate.com/products/dba/sql-monitor/eap-download
Richard Line commented
Could permission groups be created within the system and and then apply to that group what objects (Instance, Database) are in it and what functions/ action can be done.
With the site being .Net can "Windows Authentication" be used rather than "Forms" as most of the permission group would already be groups in Active Directory. Will it also be based on the microsoft provider model so that we give access using a AD-FS provider for example as long as it matched the microsoft provider for either users or membership.
For example a SharePoint or Dynamics install may have mutliple SQL servers (Prod, QA, Dev) and multiple groups, SQL DBA, Dev DBA, App Support. It would then be possible to give access via the AD groups.
Don Ferguson commented
In addition to a modifier role, and a viewer role, I would request that roles could be controlled at the instance level. Note, I said instance not server. Single sign-on/AD integration would also be nice.
We now have some early designs for this feature which we plan to release in v3. If you'd like to have a sneak preview and give us some feedback on how well they fit your requirements, email firstname.lastname@example.org and I'll get back to you.
Thanks again for the comments
John Martin commented
I would be very interested in multiple user capability. Of real interest would be the capability to have an account that is only able to see the dashboard, this way you can display easily on a central screen without having an eleveated account logged in on an unlocked PC.
As mentioned earlier it would also be useful to be able to grant visibility to servers based on their groups, so UK support staff would see servers in the UK group and sub-groups.
Restricting access to the configuration sections to a single root user account would be my personal preference.
Thanks Niels and Brett for your feedback.
Not only consider two levels. (or more levels)
Also explore the option of having users and assigning them to certain servers or server groups. (So perhaps also implement a user group and have the ability to link users to user groups).
Example: For larger company’s you have, besides DBA’s, a large number of groups which you want to give access to only a limited number of servers.
Brett Estes commented
Would love to be able to link with active directory and grant rights accordingly.
Priya Sinha commented
Thanks a lot nhartman. This is really good information. As soon as we have more concrete ideas and designs .. I will post here.
This would be a major bonus as we would like to have some of our stakeholders and DB developers look at the monitoring but not have the ability to change certain settings. One way to setup user accounts is to have a "check list" of permissions that you can grant a user. Otherwise you could create just a few standard user accounts.
I believe the following user accounts and permissions would be sufficient.
Admin role - Can do anything
Developer/DBA role - Can mark as read and clear alerts, also I would like to limit viewing to just specific instances
Stakeholder/read only - Can only view information, also I would like to limit viewing to just specific instances.
Priya Sinha commented
Brian .. Thanks a lot for your feedback. We are considering this feature for V 3. It sounds like you want two main roles. Lets call it admin and read-only user. For read-only user, should they be allowed to do some functions such as comments, mark as read, clear etc? Or should they not have even these rights?
Also, would you also want to restrict rights of a particular user to particular server i.e. User 1 can only see Dev 1 and not Dev 2 and Dev 3 servers?