[RBAC] [JEA] [Security] Implement a possibility to configure individual JEA roles in Windows Admin Center
We need custom role support for adding custom defined JEA roles in Windows Admin Center!
Ken Singh commented
I have an extremely large environment distributed across many countries. We would like to have an GUI administrative tool where we can assign/create role with specific permissions and assign to target servers in different countries. Right now we use multiple powershell scripts (like writing a novel) to accomplish this task.
The true RBAC solution for Hyper-V like SCVMM, which has full RBAC capabilities with very granular options for assigning different rights through the use of custom user roles that can be created and assigned the required configuration targeting specific resources.
Would like to give help desk staff extremely limited access to WAC. Would like to move them to something more modern than ADUC.
+1. Our scenario is that we're building a segregated Lab environment within Azure and need a tool to manage the environment. Windows Admin Centre with customised admin permissions would have been the ideal toolset as it would have been possible to grant JEA rights to various teams, e.g. grant rights for development teams to manage their own test users. As it stands, we will have to deploy a different tool it is a shame as WAC is ideal in every other respect.
+1,Yes need this implement
We really need this implementation....
Raúl Carboneras commented
WAC Support of JEA custom roles could be the trigger for many companies to start using JEA
Please provide RBAC feature when manage cluster through Windows Admin Center.
We are using Hyper-V clusters with SOFS clusters.It is not proper to use local or admin when we try to deligate different admin role to different operator, such as Hyper-V admin, SOFS admin, Backup admin, CAU admin.
It will be good to have these RBAC in cluster level and just apply to the cluster,no single server.
Jon Fox commented
+1 to Kurt's comment, as my customer is deeply involved with their current development of roles and JEA endpoints and with the decision looking as if WAC WILL BE part of their future administrative tool set, this may be more of a requirement than an ask.
Kurt Roggen [BE] commented
Or low hanging fruit... support existing JEA end-points and allow WAC to connect to them (to support scenarios such as HelpDesk, etc). JEA roles are always specific per role and per organisation.
Matt Hitchcock commented
Windows Admin Center should support connecting to custom JEA Endpoints, this basically solves the RBAC complexity in enterprises
Michael Rüefli commented
By providing credentials, add support to provide JEA endpoint name. JEA support is crucial.
Even better if available modules on the endpoint would be enumerated and non-available features get greyed out (optional).
Kurt Roggen [BE] commented
Also fits into vision of providing RBAC capabilities.
Example: support engineers can only see file & print mgmt aspects and can only perform actions defined in JEA.
This is something thats abosultely needed in a modern infrastructure. Just full admin access of evryone to anythng is not anymore the way to go.
Constantin Hager commented
Ability to connect to a JEA Endpoint and load the tools into the website based on the cmdlets in the entpoint