I am trying to restrict the access available to a user from the Nagios Web interface but am not getting the results I need. I want a user to be able to see all configured monitoring but be able to put downtime in for only the services they are the contact for.
I have create the user in htpasswd file (red-apps)
The cgi configuration file has the following
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
I have created the contact (red-apps) , contactgroup (red-apps) with the member ( red-apps).
Then setup some services for this contactgroup.
When I log on to the web using the user (red-apps) I can see all hosts and services as required. If I select a host or a service which the user is not a contact for I get the message not authorized which is what I want. If I select a service which this user is a contact for it works. All good.
But when I select service groups grid display and select any of the service groups and then select service group commands and request downtime for the hosts in this servicegroup it works, or downtime for all services in the service group it also works. My understanding is this shouldn’t work if the user isn’t the contact for that service or host.
Is there something I am missing here, or a way to stop this from happening?