Ad Widget

Collapse

Zabbix User with Read-Write is redundant?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Smoke
    Junior Member
    • Jul 2014
    • 29
    #1

    Zabbix User with Read-Write is redundant?

    I'm trying to understand the privilege level a bit more in depth and so far i wasnt able to sort out the difference in read-write hosts vs. read only for "non admin" users.

    My question is as follow, if i have user X which belongs to a Group A but is of type "Zabbix User" it wont matter if that Group A has read-write access to hosts, right? because he will never get access to configuration menu for being "regular" user, that's correct?

    I'm trying to avoid create two different groups for admins / non admins users and i don't see a reason to revoke the "read-write" access when they are users.

    Please advise.
    Regards,
    Tags: None
    • kloczek
      Senior Member
      • Jun 2006
      • 1771
      #2
      Originally posted by Smoke
      I'm trying to understand the privilege level a bit more in depth and so far i wasnt able to sort out the difference in read-write hosts vs. read only for "non admin" users.

      My question is as follow, if i have user X which belongs to a Group A but is of type "Zabbix User" it wont matter if that Group A has read-write access to hosts, right? because he will never get access to configuration menu for being "regular" user, that's correct?

      I'm trying to avoid create two different groups for admins / non admins users and i don't see a reason to revoke the "read-write" access when they are users.

      Please advise.
      Regards,
      I think that zabbix security and permission model needs to be redesign.
      Few examples AFAIK not possible to implement now:
      - how to give an access to create/clone template and allow edit it to user or group of users?
      - how to give an access to view read only templates and/or host items in R/O mode to specified user or group of users?
      - how to give an access to change host items and used templates in specified group hosts for specified user or group of users?

      Above scenarios are typical in larger environments with many groups of people where for some people it would be good to give a little relaxed access to hosts setting for example of non-prod hosts.
      So far only solution which I found is keep running two zabbix servers. One with prod and second one with non-prod hosts/templates.
      http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
      https://kloczek.wordpress.com/
      zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
      My zabbix templates https://github.com/kloczek/zabbix-templates

        Comment

        Previous template Next
        Working...