Our biggest use case is wanting to allow certain operators, such as security specialists / incident response, to take actions outside of maintenance windows, while everyone else would obey the lock state.
However, we don’t want those same security specialists to perform client upgrades or change client settings, or almost any of the other fixlets in the BES Support site. We do have a custom site that is allowed to override the lock state of endpoints, but again, with the exception of a very few select admins we do not want security specialists (and other non-master operators) to access most of the content in that site.
Effectively, we are in a situation where it would be beneficial to have a way for a few different groups to have access to a very limited number of fixlets that can run at any time (i.e. override the lock state) without having access to the BES Support site or the one designated override site. Supporting multiple override sites would be the cleanest solution as we could have one Incident Response site and one Security Specialist site each with different fixlets that could run at any time.