As a cloud admin, I want to explicitly define which users should have PCI compliance checks turned on. Currently, I can only blacklist certain users, but I have use cases which require one special user (the super duper admin) be held to a higher standard than the other users on a cloud. I have other use cases where entire projects, or maybe even domains, need to be held to a standard, but outside of those they should not be held to the standard.
We provide individual private clouds to customers, and provide them a lower level of admin access than super duper admin. Our own super duper admin needs to adhere to PCI, but we do not feel it's appropriate to enforce such requirements on the users our customers create for themselves. That said, some customers may decide that some sets of the users they create should require PCI compliance, but not all of them. Because we do not control user creation, a blacklist is inappropriate as it will constantly be behind.
Does the current resource_options[0] implementation currently fix this (at least partially) since you can opt users out of password expiration/first use password change/lockout attempts?
[0] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/resource_options.py#L61-L78