Hi all,

First of all, the following is how i an personally experiencing things, and i could be wrong in making several assumptions, please correct me if I'm wrong.

Although this changed somewhere in the 1.4 tree (1.4.5 or 1.4.6) i didn't think it would be used in 1.6. As it is, i am wondering why and looking for some more info on the subject. Perhaps I'm missing the whole point of the change.

Situations
I am talking about the user types and permissions (RO/RW on hostgroups and nodes).
In 1.4 (except 1.4.5 and 1.4.6 i think) the behavior was as follows:

• User
  A normal user for accessing normal system content.
  Depending on the permissions (RO/RW for hostgroups) this means viewing collected data or viewing / altering hosts / items / triggers.
• Admin
  A user with elevated privileges which can manage all normal system content plus configuration of the system itself, with the exception of dangerous and permissions configuration (i.e. user/group and node).
• Super Admin
  Like admin but can configure everything

Furthermore, when setting group permissions, you could grant RO/RW/DENY rights to hostgroups and nodes.

Now in 1.6 (+-1.4.5) some things changed, and this method apparently is used in 1.6.

• UserNormal user which can only view information, not change (configuration menu never shows).
  Whats the point of RO/RW rights here anyway? the normal monitoring view has no fields to mutate.
• Admin
  This looks more like the normal user in 1.4.4 and before. Configuration menu is available for Admins but only hosts(groups) show up where the user actually has RW permissions for. No administration panel.
• Super Admin
  Admin user which can manage all system content plus system configuration.

When setting group permissions, only hostgroups can be selected, node selection is no more?

My view on things
IMHO:

• there's nothing wrong with, depending on permissions, a normal user being able to mutate 'normal content'.
• What happened to the node permissions? Ok, it didn't work when it was selectable, but the idea is great. Grant write permissions to a user (for managing all that node's content) or admin (for managing node configuration, aka admin panel).
• I kind of liked the old difference between admins and super admins (user / node management limited to a few, normal admin privileges to the rest of the admins).

So to sum up:

• User should be able to configure content (hosts/hostgroups, items, triggers, etc) depending on permissions.
  • RW on hostgroup: configure hosts (not delete). Things like disable hosts / items / triggers (for maintenance etc), create new items / triggers, etc.
  • RW on node configure all content on the node.
• Bring back nodes in the permission selection (so its hostgroups AND nodes).
• Restore normal Admin functionality in combination with the node permissions, but keep dangerous stuff to super admin (like user/group and node management).
  • DENY on node: no admin menu
  • RO on node: access to most of the admin panel but no changes
  • RW on node: access to most of the admin panel incl changes

Sorry for the long post, i tend to babble a lot