Device group access rights enable users to see or make changes to specific groups and devices in Network Performance Monitor. These rights can be enabled or disabled by the administrator, and are disabled by default. When enabled, device group access rights are applied throughout Network Performance Monitor. The device/group picker and group views respect user viewing and editing abilities based on the permissions granted to that account. Reports are not affected by group access rights but are affected by user rights.

Device Read (DR) is intended to control access to “advanced device information” and the detail data collected about that device. By “advanced device information”, I mean the device’s attributes/properties/metadata that are not necessary for display in the device list. An example would be the device’s credential list or whether Wireless monitoring is enabled/disabled. By “detail data”, I mean the “full page, device-specific” reports. Group Reports that simply display summary information for devices in the groups typically only care about the GR right (as an artifact of using LoadDeviceGroup). However, attempting to open a Single-Device CPU Utilization report for a device that only appears in groups to which you *do not* have DR should not succeed

Types of device group access rights

There are four types of device group access rights:

  1. Group Read. Allows users to view groups and the devices that are a part of the selected group. Users can see the group's device and map views. Therefore, the users can view/read basic information about the device, such as display name, device state, and device type. Group-level reports are not affected by group access rights but are affected by user rights.
  2. Group Write. Allows users to modify the properties of the device group properties, such as the device group name, permissions, and membership. However, you cannot delete devices and subgroups within the selected group from the system with Group Write only permissions. You must have Device Write permissions in order to delete devices.
  3. Device Read. Allows users to view/read advanced information about the device, such as device attributes, properties, and metadata. Device Read permissions also allow the user to view the detail data collected about the device, such as full page, device-specific reports. Device-level reports are not affected by group access rights but are affected by user rights.
  4. Device Write. Allows users to modify the properties of any device within the selected group. Device Write permissions also allow the users to delete the device within the selected group from the system.

The following is a list of operations and the group access rights that must be assigned for the user to perform that task:

  • List and Map in the Group Views menu require Group Read access.
  • Create Group and Group Properties in the Group Operations menu require Group Read and Group Write access.
  • Copy Group requires Group Read in the source group, and Group Read and Group Write in the destination group. (Permissions to groups and subgroups are copied, not inherited from the new parent.)
  • Move Group requires Group Read and Group Write in both the source and the destination groups. (Permissions of the group and subgroups remain the same.)
  • Delete Group requires Group Read, Group Write, Device Read, and Device Write recursively. (Device Read Write may not be required if the group is empty.)
  • Create Device requires Group Read, Group Write, Device Read, and Device Write. If the device already exists in other group(s), you must also have Group Read, Group Write, Device Read, and Device Write in one or more of those groups.
  • Copy Device requires Group Read in the source group and Group Read and Group Write in the destination group. The level of device permissions must be the same in both groups. Downgrade from Device Read and Device Write to Device Read is also permitted.
  • Move Device requires Group Read and Group Write in both the source and the destination groups. The level of device permissions must be the same in both groups. Downgrade from Device Read and Device Write to Device Read is also permitted.
  • Viewing Device Properties requires Device Read.
  • Modifying Device Properties, Bulk Action, and Acknowledgment require Device Read and Device Write.