RBAC - DA - SLA
I was thinking about synchronizing OnPrem SCOM Distributed Applications to Insight, together with SLA/SLO,
or an option to create DA in Insight (group objects) + the option to add RBAC to the group. This would eliminate the need to publish dashboards in SharePoint (or give access to SCOM) for tenants to see the general health of their scope of servers/applications.
This idea is quite broad – states, distributed applications, RBAC….
The distributed application/health state part sounds like this other one http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519314-business-service-distributed-application-health – should we merge them?
There is also another idea filed for 'access control' around just the (future, multiple) custom dashboards created http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6657570-per-user-access-control-for-dashboards
For general 'scoping' (but not 'enforcing') to data of only a certain set of machines, etc - please also look at the recently enabled subquery functionality as another building block/stepping stone in that direction: http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519234-filter-groups-of-computers-thru-subqueries-in-n
I'll leave as is, not merge, for now, as there are multiple voters.... but RBAC is a totally different beast than showing state of objects - that scope cannot likely be combined.
There are specific ideas tracking things that RBAC should better protect/limit, i.e. http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519299-only-allow-administrators-not-users-to-onboa - feel free to file additional specific ones.
Another thing we might be able to create access controls for is dashboards (i.e. specific drill downs/solutions/dashboards - now there is only one 'my dashboard', but we intend all pages to eventually be dashboards - http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6651387-allow-to-create-multiple-dashboards ).
But actually separating data in search (i.e. a given user sees or doesn't see certain records) would be yet another gigantic architecture change.
What is likely more feasible in the future is to allow a federation of workspaces or 'uber' tenant seeing multiple smaller workspaces, rather than separating data within the same workspace - see this http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519233-improve-multitenancy-for-managed-services-provider
christophe lams commented
I strongly believe in the need for good access management. If that part doesn't get removed, no problem to merge.