Ad Widget

Collapse

Controlling access to proxy selection by user group

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • dan_cytexone
    Member
    • Dec 2008
    • 61
    #1

    Controlling access to proxy selection by user group

    Hello

    Is there a way to control users access to only select certain proxies? To use Zabbix in a multi tenant environment.

    Thanks!

    Dan
    Tags: None
    • kloczek
      Senior Member
      • Jun 2006
      • 1771
      #2
      Originally posted by dan_cytexone
      Hello

      Is there a way to control users access to only select certain proxies? To use Zabbix in a multi tenant environment.
      Zabbix proxies are collectors of the monitoring data in one direction and monitoring configuration on reverse direction. They are sitting between zabbix server and zabbix/snmp/other agents running on monitored systems.

      Proxies have nothing to do with users.
      http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
      https://kloczek.wordpress.com/
      zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
      My zabbix templates https://github.com/kloczek/zabbix-templates

        Comment

        • dan_cytexone
          Member
          • Dec 2008
          • 61
          #3
          Originally posted by kloczek
          Zabbix proxies are collectors of the monitoring data in one direction and monitoring configuration on reverse direction. They are sitting between zabbix server and zabbix/snmp/other agents running on monitored systems.

          Proxies have nothing to do with users.
          Thank you for the response, but that is not the question I asked. If you are using Zabbix in a multi-tenant environment, where multiple users from multiple companies have access to select any proxy they want from other customers it is a security risk.

          So I respectively disagree that proxies have nothing to do with users.

          Dan

            Comment

            • kloczek
              Senior Member
              • Jun 2006
              • 1771
              #4
              Originally posted by dan_cytexone
              Thank you for the response, but that is not the question I asked. If you are using Zabbix in a multi-tenant environment, where multiple users from multiple companies have access to select any proxy they want from other customers it is a security risk.

              So I respectively disagree that proxies have nothing to do with users.
              I can only repeat that zabbix proxies are collectors of the monitoring data in one direction and monitoring configuration on reverse direction.
              If in your env such two functionalities may create some security risk int may be caused only by:
              • Some zabbix users may read monitoring data which are collected and to which they should not have the access. Solution: add proper RO access for those users.
              • Some user may change monitoring configuration on exact monitored hosts. Solution: limit RW/admin access to those hosts.

              Zabbix access control does not bases on proxies over some hosts are monitored. It uses hosts groups or host names.
              Last edited by kloczek; 06-03-2016, 03:01.
              http://uk.linkedin.com/pub/tomasz-k%...zko/6/940/430/
              https://kloczek.wordpress.com/
              zapish - Zabbix API SHell binding https://github.com/kloczek/zapish
              My zabbix templates https://github.com/kloczek/zabbix-templates

                Comment

                Previous template Next
                Working...