As it stands today, the user permissions / roles capabilities of cnMaestro are rather limited and create a real work flow issue for some organizations. It is common for the field technicians to have a need to remove / delete previously registered subscriber modules in the system as they change out customer equipment and re-use from day to day. Unfortunately, for these field techs to have the required permissions to remove these radios, it would also give them the ability to make much more hurtful mistakes or even intentionally destructive behavior such as the ability to modify and delete infrastructure equipment.
This also goes for the CBRS related functionality. The technician should be able to manager customer related equipment without having the ability to modify any infrastructure equipment such as AP CBRS registrations and on-boarding.
The ideal outcome would be the ability to create custom ACL style permission / role sets but the acceptable middle ground would be more diversified fixed roles that make better consideration to these common operational hierarchies of access control.