At the moment the GMU seems to be hardcoded to allow only user with admin access. As an MSP we have a number of customers where we are responsible for the technical maintenance of the gateway, but not for the functional part. We have tried to create a functional admin role for the customer in these cases where they can do all the work on the gateway, but are not able to access some key components. We currently achieve this by adding our key resources to a security zone and creating a customer-admin role which has access to anything which is not in a security zone. In addition to this we usually need to specifically allow some things like access to audit events, log sinks and cluster properties since those are not covered by a security zone. For the GMU there is no such option. GMU access is in part controlled by the restman policy, but it always requires a user with admin access. So we end up having to give the customer a GMU user with full admin rights to be able to do their own migrations.
What we are looking for is a way to have more control over how to allow access to the GMU. There are two options which come to mind:
- Add one or more GMU permissions which can be used to assign to a role
- Handle access to the GMU completely in the Restman policy
My first thought would be that the second option is the easiest and most flexible one to implement. It would allow you to completely configure access with regular policy language. Giving you the option to allow access not only based on role, but also in combination with the specific operations, elements or other content in the restman calls. Downside is that it would require more knowledge on how the GMU works, but I expect that is not a big issue for those who need this level of control over the GMU access. Basic control can still be done with the current template restman policy.