Cloud Management and AIOps


This is an IBM Automation portal for Cloud Management, Technology Cost Management, Network Automation and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Submitted
Workspace IBM Turbonomic ARM
Categories Authentication & Security
Created by Guest
Created on Oct 24, 2025

RELATED IDEAS

Assigning user with multiple roles or multiple external user groups

Enterprises are getting complex and role of a FinOps, DevOps or SRE is getting more fragmented. With this direction in the organization, a FinOps team member may want to have a readonly/observer privilege on all the resources, but more actionable privilege on systems that are part of the FinOps team to optimize and run application at its peak performance. This means the user need two separate level of permission.

Two ways to achieve

One going to be very granular and flexible, but can be complicated to implement. In this approach each role can be setup to have permission per group that is scoped for that role. This means an organizational role that is for FinOps will have multiple groups assigned and for each group different privileges are given. Example: FinOps-Role1 will have all groups assigned (can be tag based or an option with 'all' group to eliminate maintenance activity when a new group is created or new account is added) and observer privilege is assigned for all. FinOps-Role2 will have everything as FinOps-Role1 and a override on the FinOps group with automator privilege.

Second approach will be to allow assigning more than one external user group to a user. In this case, Turbonomic administrator will create two external groups, FinOpsObserver who can view entire organizational resource and FinOpsAutomator who can take action on FinOps resrouces. These groups can be assigned individually or together to a user giving them just observer privilege or observer for all and automator for FinOps systems

Idea priority High

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.