Ad Widget

**Tenzer** · 27-03-2008, 16:14

It's not a need for us, since we only use Zabbix to ourself, and everybody have full access to everything

**Alexei** · 27-03-2008, 17:04

Note that the very fine granularity was supported by 1.1.x. It is ok for managing small installations, however it quickly goes out of control as soon as we start using it for hundreds and thousands of devices.

That's why host group level permissions for user groups were introduced in 1.4.x.

**kassec** · 27-03-2008, 18:13

What I'm talking about is item level granularity. I know it's heavy to support, but would permit to give access only to a few items to some external users.

My concern is that I don't want to create as many hosts as number of users that should be able to access monitoring data for a small part of one host. I'm a service provider, behind a 48 ports switch, I could have up to 47 customers and each should be able to access data regarding its port *only*. With the current model, I need at least 48 hosts to do that.

**Alexei** · 27-03-2008, 18:53

I understand what you are talking about. However I do not think I will change my mind any time soon.

**sege** · 28-03-2008, 17:13

I would like to see this feature as well. Just as above, to be able to give customers there own 'view' and show them how much bandwidth they use and so forth.

How can we make you change your mind?

**Alexei** · 28-03-2008, 21:14

A question for those who wants to see this feature, how big is your environment? I mean this would probably be useful in case of really small environments, when maintenance is not a big issue. I just cannot see how ZABBIX administrator could effectively manage permissions based on individual items for hundreds or thousands of devices and even tens of users.

**sege** · 29-03-2008, 10:51

Mixed environment with colo and managed hosting, we monitor a few hundred servers and we might have ~100 customers that we would like to be able to server graphs to.

**xs-** · 31-03-2008, 11:05

Well . . .
I can definitely live without this, but i would use it if it was available.
We run zabbix in a corporate hosting environment where we have customer specific and shares hosting services. Within the shares environment i could use the services per customer stuff.
Besides that, it could also be used to present specific views of zabbix to specific knowledge groups, i.e. os -> os admins, app1 -> app1 admins, oracle -> oracle admins, custom customer monitoring -> customer.

**kassec** · 31-03-2008, 18:08

Originally posted by Alexei

I just cannot see how ZABBIX administrator could effectively manage permissions based on individual items for hundreds or thousands of devices and even tens of users.

So the question arise : which solution should we implement ?

I mean, if we can't do this with our monitoring tool, which tool will do it ?

**sege** · 10-09-2009, 10:25

What are the road maps regarding permissions? I really need to be able to give my customers permissions to see like one port in one switch, which I'm by now not able to do.

Should I add a feature request in the tracker about this or?

As it is now I have to add the same switch like 50 times with the name swich_customer and on this host JUST add the port the should be able to see. This is way out of line and soon goes bizarre. Now I have to stick with Cacti for presentation of internet usage for our customers and some other things.

Solutions if I don't get better granularity on permissions?

**suran** · 12-09-2009, 17:34

Just saw this poll - this is a very important feature to me. To the question of 'How will you manage it in a large environment" - my answer is simple: the same way as anything else is managed in a large environment. Each of these ports is already managed; they have cables that run to specific servers, they're on specific vlans, they have specific port speeds... adding a step in our process to look at the zabbix permissions for the port is trivial.

If this is NOT introduced, THEN I get into a management nightmare. I'd have to create a host for every port. I have thousands, maybe even tens of thousands, of ports on my network. That means I now have up to 10,000 new hosts to monitor. Yuck!

**sege** · 15-09-2009, 11:41

Any feedback from the Zabbix team perhaps? This is very important, without this we can not implement Zabbix att all and are stuck with Nagios+Cacti instead.

**Alexei** · 15-09-2009, 11:56

I would like to see this issue registered under ZBXNEXT in https://support.zabbix.com for an useful discussion and voting. It would be nice to hear what kind of granularity you all are expecting.

**sege** · 15-09-2009, 12:09

Aight, I did this:

Loading...

https://support.zabbix.com/browse/ZBXNEXT-77

All you who have written in this thread, please add info to the ticket if I missed something or didn't write it as clear is I should.

Ad Widget

Security model : add better granularity

Security model : add better granularity

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment