Security and Authentication

Multiple authentication methods

Zabbix web frontend supports several authentication methods:

  • Internal database
  • HTTP basic authentication
  • LDAP authentication

If LDAP is used as authentication method and it becomes unavailable for any reason, user groups still may use internal authentication to access the Zabbix web frontend.

Encryption between Zabbix components

User permissions

With encryption support it is possible to secure communications between separate Zabbix components (such as Zabbix server, proxies, agents and command-line utilities) using Transport Layer Security (TLS) protocol v.1.2. Certificate-based and pre-shared key-based encryption is supported. Encryption is optional and configurable for individual components.

User permissions

Zabbix has a flexible user permission schema, which can be efficiently used to manage user permissions within one Zabbix installation or in a distributed environment.

User types

Zabbix supports several types of users. User types are used to define access to administrative functions and to specify default permissions.

User typeDescription
Zabbix UserThe user has access to Monitoring menu. The user has no access to any resources by default. Permissions to host groups must be explicitly assigned.
Zabbix AdminThe user has access to Monitoring and Configuration. The user has no access to any host groups by default. Permissions to host groups must be explicitly given.
Zabbix Super AdminThe user has access to everything: Monitoring, Configuration and Administration. The user has a read-write access to all host groups. Permissions cannot be revoked by denying access to specific host groups.

Granting access to hosts

Permissions are granted to user groups on a host group level. Thus access to a host depends on what kind of permissions the user group has for the host group the host belongs to.

There are three kinds of permissions to access hosts or host groups:

  • Read-write – a read-write access
  • Read-only – a read-only access
  • Deny – access denied

A screenshot below gives an overall idea of how easy it is to assign user permissions for hosts or host groups.

User permissions

Permissions are granted by adding a host group to the respective access level (RW/RO/denied).