Not sure if we’d call this expected behavior, so bringing it up here before I trouble anyone with a github issue.
I have a security group for our Tier3 team that includes hiding all Custom Variables under Restrictions for the monitoring module. One of our Tier3 guys was recently promoted to Systems Administrator. Even though he is now in the group which has Administrative Access toggled, since one of the AD groups associated with Tier3 was still on his account, this restriction is still applying.
Specifically, under monitoring/blacklist/properties, it was service.vars.**.*,host.vars.**.*,service.vars.*,host.vars.*
I’m redoing our security roles anyway and will resolve it accordingly, but I would expect an administrative role to supersede this.