A good question from a customer who is OEMing GroveStreams.

If your pricing plan does not include 'Content Access Security' then all you can do is add the user to the Admin group. Unfortunately, this gives them full rights to just about everything.


If your pricing plan includes 'Content Access Security':

The user needs 'Traverse' rights on the Tools node to see it. Traverse lets them expand it too.

I would create a new group called EventManagers, set up its capabilities, add the user to it, then edit the Tools' properties/Security tab:

* Add the EventManagers group to the Tools folder with Traverse rights (this allows the user to see this folder and all children and their children (since they all have "Include inheritable permissions from parent" checked by default))
** You add it by right-clicking on Tools and selecting Properties/Security

* If you don't want the user to see all of the other Tools folders and their contents (they will have read-only rights), then you will have to edit each Tools folder (i.e. Cycles), add EventManagers to each one, and select Deny Traverse


I think this will work. I didn't test it. Best if you test it with a test user account. After you make the security changes, make sure the test user can see and do the things they could before. If you mess up Tools security, they might not be able to access Tools objects which are required for most things like viewing streams or dashboards.

Today, they will also see all of the organization's groups and users in the picker when adding to a notification. Make sure that is OK. Long-term we need to move Users and Groups into the Tools tree so that they can be secured too.