Ad Widget

Collapse

Zabbix permission granularity for host configuration is insufficient

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Ace
    Junior Member
    • Jun 2021
    • 10
    #1

    Zabbix permission granularity for host configuration is insufficient

    Hello,

    After just upgrading to 6.0 LTS I expected the new user permission roles to enable the following functionality - allowing users to view items, triggers, graphs etc as READ ONLY without being able to either edit or enable/disable them. Is there any reason why this was not implemented, as it seems like a very basic requirement. Especially since there are granular API permissions which could have been applied to the same functions within the UI.
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4807
      #2
      Well... User roles were implemented already in 5.2...
      GUI and API are not exactly the same things... So maybe it is not possible to go so granular in UI as in API calls? Even if UI may use API calls in some places (If I remember correctly), then it is not fully 1:1...

        Comment

        • Ace
          #2.1
          Ace commented
          12-04-2024, 09:09
          Editing a comment
          Yes and user roles don't allow this at all. You can give an admin user role host configuration privileges, however if that user is in a user group with Read only privileges for a host, they can't actually view the host configuration at all. What should happen is the host configuration being viewed in read only mode.
        • cyber
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Dec 2006
          • 4807
          #3
          Roles are basically restrictions to access certain menu parts (like allowing admin to configure hosts/templates but not allowing them to deal with host groups or maintenance or actions), user access rights still apply At least on 6.0 it is as it always has been, templates are saved in hosts table with special "flag".. I guess that is one reason, why you cannot really separate those viewing and modifying rights... As you give right to w whole hostgroup, which can contain both hosts and templates...
          I seem to remember something about separating them to different tables.. or is there now a different type of hostgroup (ie template group)? Don't have a newer one to check...
          Might be you need to upgrade a bit more to get what you need...

            Comment

            Previous template Next
            Working...