1 Configuring a user

Overview

The initial Zabbix installation has two predefined users:

  • Admin - a Zabbix superuser with full permissions.
  • guest - a special Zabbix user. The 'guest' user is disabled by default. If you add it to the Guests user group, you may log in with this user and access monitoring pages in Zabbix. (Note that, before Zabbix 6.4.13, automatic guest login was possible.) By default, 'guest' has no permissions on Zabbix objects.

To configure a user:

  • Go to Users → Users.
  • Click on Create user (or on a user name to edit an existing user).
  • Edit user attributes in the form.

General attributes

The User tab contains general user attributes:

All mandatory input fields are marked with a red asterisk.

Parameter Description
Username Unique username, used as the login name.
Name User first name (optional).
If not empty, visible in acknowledgment information and notification recipient information.
Last name User last name (optional).
If not empty, visible in acknowledgment information and notification recipient information.
Groups Select user groups the user belongs to. Starting with Zabbix 3.4.3 this field is auto-complete so starting to type the name of a user group will offer a dropdown of matching groups. Scroll down to select. Alternatively, click on Select to add groups. Click on 'x' to remove the selected.
Adherence to user groups determines what host groups and hosts the user will have access to.
Password Two fields for entering the user password, or a Change password button if the user already exists.
Clicking on the Change password button opens two fields for entering a new password.
For the user with the Super admin role changing own password, clicking on the Change password button opens an additional field for entering the current (old) password.
On a successful password change, the user for which the password was changed will be logged out of all active sessions.
Note that the password can only be changed for users using Zabbix internal authentication.
Language Language of the Zabbix frontend.
The php gettext extension is required for the translations to work.
Time zone Select the time zone to override global time zone on user level or select System default to use global time zone settings.
Theme Defines how the frontend looks like:
System default - use default system settings
Blue - standard blue theme
Dark - alternative dark theme
High-contrast light - light theme with high contrast
High-contrast dark - dark theme with high contrast
Auto-login Mark this checkbox to make Zabbix remember the user and log the user in automatically for 30 days. Browser cookies are used for this.
Auto-logout With this checkbox marked the user will be logged out automatically, after the set amount of seconds (minimum 90 seconds, maximum 1 day).
Time suffixes are supported, e.g. 90s, 5m, 2h, 1d.
Note that this option will not work:
* If the "Show warning if Zabbix server is down" global configuration option is enabled and Zabbix frontend is kept open.
* When Monitoring menu pages perform background information refreshes.
* If logging in with the Remember me for 30 days option checked.
Refresh Set the refresh rate used for graphs, plain text data, etc. Can be set to 0 to disable.
Rows per page You can determine how many rows per page will be displayed in lists.
URL (after login) You can make Zabbix transfer the user to a specific URL after successful login, for example, to Problems page.

User media

The Media tab contains a listing of all media defined for the user. Media are used for sending notifications.

Click on Add to assign media to the user.

If the media type has been disabled:

  • A yellow info icon is displayed after the name.
  • Disabled is displayed in the Status column.

See the Media types section for details on configuring user media.

Permissions

The Permissions tab contains information on the following elements:

  • User role that can only be changed by a Super admin user.

Since Zabbix 6.4.4, users cannot be created without a user role (except with Zabbix User API). Previously created users which do not have a role may still be edited without assigning a role to them. However, once a role is assigned, it can only be changed, not removed.

Note that users without a role can log into Zabbix only using LDAP or SAML authentication, provided their LDAP/SAML information matches the user group mappings configured in Zabbix.

  • User type (User, Admin, Super admin) that is defined in the user role configuration.
  • Host and template groups that the user has access to.
    • User and Admin type users, by default, do not have access to any groups, templates, and hosts. To grant such access, users must be included in user groups configured with permissions to the relevant entities.
  • Access rights to sections and elements of Zabbix frontend, modules, and API methods.
    • Elements with allowed access are displayed in green color, while those with denied access - in light gray color.
  • Rights to perform specific actions.
    • Actions that the user is allowed to perform are displayed in green color, while those that are denied - in light gray color.

See the Permissions page for details.