The idea here is to make our employees trust in the MDM solution. I'd like to give them read-only-access to SimpleMDM to see
1) what is configured
2) what I can see about their device
3) what is NOT possible (I frequently get the question "can you read my e-mail now?")

Currently, the lowest level of access still allows to see ALL settings, accounts and apps installed on ANY device.

Being able to restrict the app-listing (similar to the settings in "Allow secret information visibility") would be a helpful feature.

Even better would be linking the SAML-identity from the Enrollment with a user account and giving the user "full read-only-access" to THAT particular device. That would be awesome!