Is there a way to tie the ability to acknowledge different alarm priority or severity levels with security roles? It's not looking like there is, the operational permissions just have a check box for can acknowledge alarms. Nothing for can acknowledge Critical alarms.
It looks like even though you have 1000 alarm priority levels and 4 severity levels there is no way to simply say Role 'A' cannot Ack alarms with a priority greater than X or an alarm of Critical severity but role 'B' can. You would need to make a Security Group just for Critical severity alarms and remember to drag any instances you create into that group as there is no way(?) to link a template or attribute to a Security Group. I think that would also mean that you could not have attributes with Critical, High or Low alarms in the same template?
For example, you want users in certain roles to only have permission to acknowledge alarms that are generated from objects contained in Area1. You have a role named Area1Acknowledgers. You need to:
1. Create a new Security Group, for example SecGrpArea001.
2. Assign all objects that are contained in area Area1 to Security Role SecRoleArea001.
3. On the Roles page, select the Area1Acknowledgers role. In the Operational Permissions the Security Group for SecGrpArea001, select Can Acknowledge Alarms.
4. Any user that belongs to the Area1Acknowledgers role can at least acknowledge alarms of objects contained in the security group SecGrpArea001. They do not have any other operational permissions for those objects.
It looks like even though you have 1000 alarm priority levels and 4 severity levels there is no way to simply say Role 'A' cannot Ack alarms with a priority greater than X or an alarm of Critical severity but role 'B' can. You would need to make a Security Group just for Critical severity alarms and remember to drag any instances you create into that group as there is no way(?) to link a template or attribute to a Security Group. I think that would also mean that you could not have attributes with Critical, High or Low alarms in the same template?
For example, you want users in certain roles to only have permission to acknowledge alarms that are generated from objects contained in Area1. You have a role named Area1Acknowledgers. You need to:
1. Create a new Security Group, for example SecGrpArea001.
2. Assign all objects that are contained in area Area1 to Security Role SecRoleArea001.
3. On the Roles page, select the Area1Acknowledgers role. In the Operational Permissions the Security Group for SecGrpArea001, select Can Acknowledge Alarms.
4. Any user that belongs to the Area1Acknowledgers role can at least acknowledge alarms of objects contained in the security group SecGrpArea001. They do not have any other operational permissions for those objects.