Granular Role-Based Access Control
The updated role-based access controls are a step in the right direction, however there is a major drawback. For example, you cannot segment your Endpoint devices from your Server devices by using role-based access control groups without losing write access to global shared settings.
It would be great if you could simply segment the Endpoint management from the Server management using the RBAC so that the appropriate internal teams have full access to control their environments without crossing paths. I would assume most medium-large businesses could benefit greatly from having this level of control over which internal teams can control Endpoints vs Servers.
We are working through this same scenario and having that level of control is key to successfully moving forward. Right now, the only solution seems to be to stand up a separate tenant for each of the areas. You lose visibility across the whole of your environment though. Plus, you have two things to manage and monitor.
RBAC is there. This level of control just seems to me to be the reason why you'd want RBAC at all.