Good morning
I wanted to drop a note because of a question that has recently come up in my environment. When using Nagios I have several different customers so when they need Maint mode they reach out to me for support. Is there some future work being done so that I could give users access to maint mode without giving them full access to the other servers in my environment? Right now it is an all or nothing kind of option.
thanks in advance.
RBAC question
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: RBAC question
A standard User should be able to schedule downtime for the hosts/services they have access to.
Home -> Incident Management -> Scheduled Downtime
Home -> Incident Management -> Scheduled Downtime
Re: RBAC question
When looking at the user configuration I am really only seeing where it says all hosts. Not specific hosts. Perhaps i am missing another area?
You do not have the required permissions to view the files attached to this post.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: RBAC question
If the user is "read only" they cannot take actions including scheduling downtimes...
Re: RBAC question
I can resolve that with minimal issue, my concern was about the all server and all policies or nothing aspect. I was hoping for assistance with categorizing peoples access to their hosts only.
Re: RBAC question
Apologies
that reply came off as more snarky than I wanted it too, basically when you add someone to the advanced option they can access the advanced options for all the nagios hosts. I was hoping there was a way for it to be group based ?
that reply came off as more snarky than I wanted it too, basically when you add someone to the advanced option they can access the advanced options for all the nagios hosts. I was hoping there was a way for it to be group based ?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: RBAC question
If you just remove the Read-only and leave the rest how it is, they will still be able to see everything because you have the boxed checked, but will only be able to take action for hosts/services they are a contact for, anything else should error.