Cloud Management and AIOps


This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Submitted
Workspace IBM Cloud Pak for AIOps
Created by Guest
Created on Mar 31, 2026

RELATED IDEAS

Enable group-scoped author permissions for Runbooks, so that users with Author role can view, create, and edit only the Runbooks assigned to their group(s) instead of having visibility to all Runbooks across the platform.

Current Behavior

In Cloud Pak for AIOps Runbooks:

When Runbook Groups are enabled:

  • Users with View/User roles can only see Runbooks assigned to their groups.
  • Users with Author role (and above) bypass group filtering and can see all Runbooks across all groups, regardless of group assignment.

When Runbook Groups are disabled:

  • All users can see all Runbooks.

This behavior is by design and aligns with the current RBAC implementation, where Author is treated as an elevated administrative role.


Problem Statement

Large enterprise customers with multiple teams authoring Runbooks (multi-team or multi-tenant style usage) face challenges with the current model:

  • Runbook Authors:
    • Can unintentionally see and edit Runbooks belonging to other teams
    • Risk modifying or overwriting Runbooks that they do not own
  • Group assignments lose effectiveness once Author role is granted
  • Customers cannot enforce team-level logical isolation for Runbook authoring

This creates operational risk, especially in regulated environments (e.g., banking) where separation of duties and ownership boundaries are critical.


Customer Use Case (Isbank Example)

  • Multiple teams independently author and maintain Runbooks
  • Each team owns a dedicated Runbook Group
  • Teams want:
    • Authors to create and manage Runbooks only within their assigned group(s)
    • No visibility or edit access to Runbooks owned by other teams
  • Goal:
    • Avoid accidental edits
    • Improve governance
    • Achieve practical multi-tenancy within Runbooks


Requested Enhancement

Introduce an optional permission model that allows Author role to respect group boundaries, such as:

  • Group-Scoped Author Mode
    • Authors can:
      • Create Runbooks only within assigned groups
      • Edit and view Runbooks only in their groups
    • Authors do not see Runbooks outside their group assignment


Benefits

  • Enables true multi-team / multi-tenant Runbook usage
  • Reduces risk of accidental changes
  • Improves governance and segregation of duties
  • Aligns with enterprise security and compliance expectations
  • Maintains backward compatibility by making the behavior optional

 

Conclusion

This enhancement would provide flexible, enterprise-grade access control for Runbooks while preserving the existing RBAC model. It would significantly improve adoption and safe usage of Runbooks in multi-team environments.

Idea priority High

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.