Multi-Tenancy -- User view all services

[ayoubitou]

Hi,

I have installed Nagios XI and add 6 hosts and 8 services. I also create a user account "user1" and then put it to the hostgroup "CUD".

All hosts are in a host group, Services are associated to the Host group. The contact group of the host is "CUD". There are not a contact group or contact user for services. So normally the user should have a view of hosts but not Services. I have already read the "Multi-Tenancy guide" and i do not understand why services are visible to the user while he is not in their alert contact.

Thanks,

[Box293]

This is what is called object inheritance.

https://assets.nagios.com/downloads/nag ... tance.html

Refer to the Implied Inheritance section.

[ayoubitou]

Hi

I have placed "CUD" in localhost contact group and then admins in contact group of PING service. The issue is that users of "CUD" still seeing PING service. So my PING service inherit contact group from the host even if i specified another contact group to the service. How can i resolve this ?

[rkennedy]

Can you post your host / service definitions for us to review?

[ayoubitou]

Service definition for localhost :

Code: Select all

define service {
        host_name                       localhost
        service_description             HTTP
        use                             local-service
        check_command                   check_http
        register                        1
        }

define service {
        host_name                       localhost
        service_description             PING
        use                             local-service
        check_command                   check_ping!100.0,20%!500.0,60%!!!!!!
        contact_groups                  admins
        register                        1
        }

Host definition :

Code: Select all

define host {
        host_name                       localhost
        use                             linux-server
        alias                           localhost
        address                         127.0.0.1
        contact_groups                  CUD
        notes                           50.6439101, 3.1359789
        register                        1
        }

I don't want that users of CUD seen PING Service per example. Is it possible ?

[lmiltchev]

When a contact is added to a host, he/she will be able to view all of the services on this host. It is the "default" (expected) behavior.
Try removing the "CUD" contactgroup from the "localhost" host, and add it to all of the "localhost" services but "PING".

[ayoubitou]

It works this way. But the user will have only a service view . I want him to have a view of the host and services that I choose.

This is the documentation of Object Inheritance :

Normally you have to either explicitly specify the value of a required variable in an object definition or inherit it from a template. There are a few exceptions to this rule, where Nagios will assume that you want to use a value that instead comes from a related object. For example, the values of some service variables will be copied from the host the service is associated with if you don't otherwise specify them.

If I understand well. In my case, I have specified a different contact group for the PING service. So he musn't inherit contact group from host. Is it correct ?

[ssax]

If you want the user to be able to see the host then that automatically gives them access to view the hosts, you are unable to limited the services they can access if they are added to the host.

The only way to limit which services they can see is to not add them to the host and only assign them to the services.

[ayoubitou]

I'm still searching for the solution.
I found this : http://permalink.gmane.org/gmane.networ ... eckmk/2284
Can I override a service contactgroups ?

[tmcdonald]

Unless I am misunderstanding your question, I don't believe you can override a contactgroup on a service except by changing the definition on the service itself.