Add additional granularity to feature delegation
When delegating rights to GUI / Portal users it would be useful to be able to have more granular control over what features were available. For example, if access to "Realtime logs" is enabled, that user does not have access to view the web filter logs, as this is granted by access to the reporting system which we wouldn't want to delegate out to all support staff. Additionally, granting access to the "Guardian" system allows access to policies, block pages, authentication policies etc. where it would be useful to have the option to only delegate access to categories/category groups/custom allow/block etc.
Thomas Szabunia commented
A better breakdown of each category and what features/pages it allows users to access would be great, the current ones are very broad and aren't always straightforward (like your Realtime logs / Web filter logs example)