Congratulations on R36 Eramba! Visualizations is a big step in the right direction. Our initial review revealed a need to group users so we can easily associate a visualization enabled attribute easily with them easily. Here is an example.
Mike, Kathryn, Bob, and Amy are all members of IT Assurance. They need to see all risks, compliance items, security services, and so on. Mike and Amy are not to be trusted with admin privileges, so we cannot simply put the whole group in admin. We also don’t want to exempt Mike, Kathryn, Bob, and Amy from all visualizations because there is a super secret group called ProjectX, that is part of our company, that group needs to restrict Mike, Kathryn, Bob, and Amy from viewing some or all of their risks, compliance items, security services, and so on. To address this, we want to put Mike, Kathryn, Bob, and Amy into an IT Assurance group and assign it as either an owner or stakeholder for a newly created item within their scope. We also want to put Joe, John, Elizabeth, and Hans into a Project X group so they can share their risk, compliance items, security services, etc. with each other and exclude everyone else.
Thank you for considering this feature request. Visualizations is a great step forward.
Yep - groups will become more important in eramba , the following is planned:
being able to define more than one group per user (System / Settings / User Management)
“roles” (collaborator, owner, author, etc) will let you choose groups too
“roles” will be customisable, a bit like customising fields
In general, anywhere where you now have the option to choose a single account , you will be able to choose a group. In the new workflows, that is already the norm.
Thanks for the feedback!
ps. visualisations, filters, etc have already been migrated to the rest of the system and will be released on r37
Today we started a discussion about this topic its a complicated change but one we need to start preparing for, in order to meet these three use cases:
1- allow better access control to users
2- be able to select not just users, but groups of users for custom roles (owners, collaborators, etc) … this could boost notifications, workflows, etc.
The challenge is that “groups” in eramba are “local” and “users”, even when they can authenticate with ldap, are still local too. From here we have two additional needs:
3- being able to create users “quicker”, for example telling eramba “go get users from this group in my AD” and make accounts for them. this would create that group too in eramba. this would not be a one off, but a sync would happen every hour or so.
This is just a scrappy note so i dont forget this (im sure there are others) approach to this issue.
@eramba, this is a tricky subject with lots of upside. I recommend keeping your conversations broad to start. Groups might solve other issues, like tenancy, where a consultant, like myself, wants to use a single instance Eramba to service multiple small customers at the same time. Application of groups needs to be ubiquitous so all functionality can leverage them.
The other thing I would consider is being able to exclude admin from a particular group. This is an edge case I’m sure, but if there is no trust between groups, the ability to exclude admin from a group could be beneficial.
