Currently in depth Whitelist rules can only be set in the Management Console. In there we mostly work with Device Collection. We set a rule with a certain behavior, people it affects, etc. and then connect it with a Device Collection. After that the main effort is in adding new devices to that Device List.

We would like to split the administrative load and have main administrators that set up rules and policies. And then we would like a seperate user group with limited permissions that can only add or remove devices from existing device collections. It is important for us that the User group that adds and removes Devices can not change any other critical settings.

I can see that the trend is currently to migrate most into the Operation Center and there is already a option to create rules present. I personally support that trend and would like the ability to create in depth rules analog to the Management Console in the Operation Center and then set modify permissions to the individual associated device collection. This would also remove the limit of only one person being able to modify the policy at once.

Example:
IT Headquater: Full permissions to create rules and manage permissions
IT Subsidiary 1: Acces to Device collections: 1HID, 1Smartphone, 1Printer
IT Subsidiary 2: Access to Device collections: 2HID, 2Smartphone, 2Printer

With this a associated logging that shows who added / removed what entry would also be of high interest for us.
We noticed the current rules get sent to all devices. We would like it, if we could decide which "rule" gets sent to which device. (Like with policies where we can decide that PolicyWhitelist1 goes to Subsidiary 1 and PolicyWhitelist2 only goes to Subsidiary 2)