We use a least privilege administration model so new operators have no rights until they are assigned to a role. Most of our operators just issue patching actions so there is no need for them to have custom content, locking, rest api access, etc. We were using AD groups in roles until a few months ago when an AD hiccup caused a lot of our operators to lose rights to assigned computers and content. The only fix was to delete and manually re-create the operator’s LDAP account in the console. So we’ve abandoned using the LDAP groups so this does not happen again and we are manually creating new operators. We only have a dozen or less each month but for the most part the operators remain static. However, some of our MOs forget to remove the permissions when creating accounts.
Does anyone know if there is a way to change the default permissions that are applied when a new Operator is created in the console? Instead of them having all permissions turned on we would like to have them all off by default.