So you want to create a dashboard and provide IT management data such as status of services, events, trouble tickets, etc. to your internal/external customers. Problem is that you have a shared infrastructure, the tools you are using contains management information for all customers, and many management tools out there in the wild do not provide a mechanism to control who should have access to what, who should be able to do what, etc.
Typically most tools do provide a way to filter events, but event based filtering is often not enough. For example, if you want to provide data about network devices (containment, etc.) to the customers, you also need to be able to provide access to some devices and not others.
And what if you want the users be able to take some actions? For example, how can you control, which users can acknowledge or update an event and which cannot? In addition, how do you do all this, if there are multiple management tools with varying degrees of authorization control?
We have seen several dashboard projects plagued by the authorization issues. Typical workarounds are to implement a separate server for each customer, or to show only the events and not provide the device information. Neither are good solutions.
RapidOSS is designed ground up with an object based authorization system. The user groups are assigned inclusive filters. The filters can use properties of the managed objects in the matching criteria (CustomerID=ACME or Location=*Boston*, etc. ) and the members of the group would only have access to the objects that match the defined filters. There is also a mechanism to control which users can take which actions from the UI. For example, it's possible to allow a group of users (operators?) to acknowledge or take ownership of an event, where users may only be able to view the event, or just add a comment.
