How best to implement RBAC in SMA?
What if I am storing credentials for use in scripts, but I do not want everyone with rights to SMA to be able to export the password into clear text?
What if I want to allow certain teams to edit and maintain certain runbooks, but not others?
The official Microsoft position is "use Azure" or "wait for Azure Stack." Is there a third option that one of you have implemented or have a good thought on how to construct?
...and we know that SMA can operate independently of WAP, so that is not the whole answer. But searches for any concept of RBAC on SMA return empty for the most part.
I'm keen to hear others' thoughts on this too.