Hi,
I am trying to restrict access to certain services depending on login. I have set-up contacts / contact group to match the login and under the service check this user is not included in the contact group with access to the service. However when I login as the user they still have access to all services, even those that they are not contact groups for. They are not included in cgi.cfg file. Any help apprecaited.
Thanks
Restrict access to services
Re: Restrict access to services
Are you logging in on the same machine? If so could you log out, and clear cache and respond with results?
Re: Restrict access to services
Hi,
Thanks for the response - no I am logging on from a differnet machine. I tried clearing cache on my browser but that didn;t make a differance. Set up as follows :
cgi.cfg :
authorized_for_system_information=admin
authorized_for_configuration_information=admins
authorized_for_system_commands=admins
authorized_for_all_services=admins
authorized_for_all_hosts=admins
authorized_for_all_service_commands=admins
authorized_for_all_host_commands=admins
contactgroups.cfg
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members first.lastname
}
#this is the group I want to exclude form certain service view
define contactgroup{
contactgroup_name users
alias Users
members user1
}
contacts.cfg
define contact{
contact_name user1
alias user1
service_notification_options n
host_notification_options n
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
}
define contact{
contact_name first.lastname
alias first.lastname
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email first.lastname@domain.com
}
services.cfg
define service{
use generic-service ; Name of service template to use
hostgroup_name Service Check
service_description Service Check
is_volatile 0
flap_detection_enabled 0
check_period 24x7
notifications_enabled 1
max_check_attempts 3
normal_check_interval 45
retry_check_interval 10
contact_groups admins
notification_interval 60
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_to_run
}
Anything incorrect in this config ?
Thanks,
Thanks for the response - no I am logging on from a differnet machine. I tried clearing cache on my browser but that didn;t make a differance. Set up as follows :
cgi.cfg :
authorized_for_system_information=admin
authorized_for_configuration_information=admins
authorized_for_system_commands=admins
authorized_for_all_services=admins
authorized_for_all_hosts=admins
authorized_for_all_service_commands=admins
authorized_for_all_host_commands=admins
contactgroups.cfg
define contactgroup{
contactgroup_name admins
alias Nagios Administrators
members first.lastname
}
#this is the group I want to exclude form certain service view
define contactgroup{
contactgroup_name users
alias Users
members user1
}
contacts.cfg
define contact{
contact_name user1
alias user1
service_notification_options n
host_notification_options n
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
}
define contact{
contact_name first.lastname
alias first.lastname
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email first.lastname@domain.com
}
services.cfg
define service{
use generic-service ; Name of service template to use
hostgroup_name Service Check
service_description Service Check
is_volatile 0
flap_detection_enabled 0
check_period 24x7
notifications_enabled 1
max_check_attempts 3
normal_check_interval 45
retry_check_interval 10
contact_groups admins
notification_interval 60
notification_period 24x7
notification_options c,r
check_command check_nrpe!check_to_run
}
Anything incorrect in this config ?
Thanks,