Hey Jan, I hear your concern here. Fleet generally takes the position of providing control for admins, and transparency for end users. This already exists to some extent with
Fleet Desktop, and we want to further improve that experience to let end users see what queries are running. Note that this would not be end users controlling which queries can run -- admins will maintain that control.
For the security concern, there are a couple of mitigations:
1) Utilize the roles (Observer, Maintainer, Admin) to control what each user account can do (Fleet Premium has the
Teams feature that allows applying different roles across different groups of hosts).
2) Monitor the
activity log. This is available in the Fleet UI and stderr of the server. In Fleet Premium this can also be logged to any of Fleet's supported log destinations.
Does this help? We are always open to suggestions from community users and we are able to provide extra prioritization to requests from customers.