Read Only User - Why have any permissions on the Configuration Tab???

We are in the process of setting up / configuring components in SQL Monitor.  One area we were interested in is granting read only access to a defined server group for architects / developers so they could review things for the designated servers we grant access for.

Upon testing this functionality out we noticed certain functions and menus are available to the read only access that I think shouldn't be there.

Here is what I found and don't understand why you would allow view access to as well as the ability to download log files.

As a read only user here is my experience on the config tab

MONITORING
Monitored Servers - GOOD:
Only able to see the servers I granted access to, also cannot even see the actions config on the right (blocked only for administrators)

VMware Hosts - GOOD
Blocked only for admins

Trace - OK
Read only
If it is a read only user why should they be able to even review this setting?  This is only for administrative use in my opinion.

Extended Events - GOOD
Blocked only for admins

Groups - BAD - Allows access to view all server names.

In our case we have two base monitors, one is for a remote data center so it only houses a few servers and my example was only granting access to these handful of servers in another data center.  In my testing I was able to flip between the two base monitors in the drop down and see all monitored servers by name
                 ** see server names that aren't in the designated group which we provided access
                 ** see availability group names
                 ** see database names

APPLICATION OPTIONS - GOOD
All blocked - Only for admins

ALERTS AND METRICS
Alert Settings - BAD
1.  I don't think a read only user should be able to see anything configured at an administrative level, not their role.
2.  I don't think a read only user should see server names that aren't in their designated permissions list.

Notification Settings - BAD
Same as alert settings, why allow view access to this at all?

Custom Metrics - GOOD
Blocked only for admins

Data Purging - BAD
Why grant access to this for a read only user?

Licensing - GOOD
blocked only for admins

Diagnostics - TERRIBLE
Why allow a read only user the ability to download / retrieve log files?

In my opinion, the whole idea of a 'read only' user is to allow them view access to the metrics of the servers they were granted access to.  The 'read only' user shouldn't even be able to see the 'configuration' tab...and if they are...every link in there should be blocked.

Any feedback on why some of this access is viewed as good for a read only user I would love to hear your opinions.


Answers

  • Russell D Posts: 1,324 Diamond 5
    edited April 16, 2019 2:18PM
    I disagree that every tab should be blocked, or that the configuration tab should be hidden entirely.

    We also changed a huge amount of things surrounding this across a few minor versions of 9.

    I suggest you upgrade, downloading log files isn't possible anymore as a read only user for example:


    Notification alerts are no longer viewable to read only users, which I personally disagree with. Again it would help with some troubleshooting cases if read only users could view the email server being used, for example.

    Alert settings - Read only users cannot change alert settings, only view them. How else would read only users know when to expect alerts to be raised? It makes a lot of sense to me to at least allow them to view the configuration so that they know whether an alert should have been raised, or if it is perhaps a red herring and the alert configuration might need changing (which only administrators can do). Otherwise the assumption you're making is that your administrators set up the alerts perfectly first time, and always have time to review them.

    Groups - these are now correctly limited if you're using AD authentication.

    Trace - this serves as informational purposes only.

    Data Purging - again, informational purposes so that read only users can see what sort of time period they're expecting data to be present for.
    Have you visited our Help Centre?
  • talktolee Posts: 3 Bronze 1
    I guess your view of a read-only user and mine differ on what I would expect their usage of the tool to be.  We have developers who want to see recent / trending / semi-historic details about processes / resources / etc.  They want to see blocking,

    They do not care about retention policy / email settings / logs / alert settings.  Even if they somehow did want to know, there comes the discussion of separation of duties and being able to access things they shouldn't see.

    Again maybe your view of how a read-only user would interact with this system is different from mine.  I don't think someone with that role should be able to access anything configuration related.  They don't need to know anything about the email server settings / or when an alert is getting fired off...that is for the administrators to determine.

    We do have a minor upgrade available, we just started using the Redgate Monitor product so we are still in the configuration phase.

    I appreciate your feedback.
  • Yeah everyone's needs are different - we're just trying to fit the best overall case. Neither of us is right or wrong.

    It's entirely possible that we should lock this down further; we've just never been asked to. This is exactly the sort of feedback we need, if you want finer granularity over this please post it on https://sqlmonitor.uservoice.com/forums/91743-suggestions because we do use this to help gauge interest.
    Have you visited our Help Centre?
  • talktolee Posts: 3 Bronze 1
    Hi Russell,

    Thanks for the link and the continued feedback, I will certainly hop over to that forum and leave some feedback.