In highly secure and regulated environments, organisations require complete control over scripts executed on session hosts. Nerdio supports integration with GitHub, GitLab, and Azure DevOps to enable version-controlled, approval-gated Scripted Actions; however, this integration does not prevent the creation and execution of local Scripted Actions outside of that controlled workflow.
This means that any Nerdio Administrator can execute arbitrary scripts on session hosts without version control, peer review, or an approval process — creating a significant security and compliance gap, particularly for customers in regulated industries.
The ask is to introduce one or both of the following controls:
- A dedicated custom role permission to restrict who can create and execute local Scripted Actions
- An option to disable local Scripted Actions entirely when a DevOps/GitHub integration is active
This is not addressable with existing custom RBAC today, as certain platform functions still require full Admin permissions, making role-based workarounds infeasible.
Comments (0 comments)