> I am trying to create a user account with View-Only access to our entire > Racktables environment. They are allowed to see all assets and tab info but > should not be able to change any details. We have not created a universal tag > that is attached to all objects. You can use these patterns: 1. For a specific username. allow {$username_guest} and {$tab_default} 2. For a specific tag, which is set for several users. allow {guest user} and {$tab_default} 3. For every user. allow {$tab_default} There is no need to deny all other access, because access policy always ends with implicit "deny". -- Denis Ovsienko