We have created multiple groups in OC (per application or infra tech.) comprised of multiple devices, e.g., storage, backup, AD, database, etc.
We are now being requested by individual members to gain access in OC, for which we are planning to limit the access of each requestor, e.g., an AD SME has access to only the AD group and its CIs, alarms, and metric view, and doesn't get access to other groups. How can we achieve this?
We have done our AD/LDAP integration and created operator and admin groups.
Via IM, you need to associate ACLs/permissions with each LDAP group. Note that data visibility is controllable by granting or denying access by origin.
See also: related important documents on controlling OC access/features/views based on role, as well as ACL descriptions and their included permissions.
Account Admin Permissions
Roles and permissions