User permissions

[BanditBBS]

Yeah, that is going to be tricky then. Notifications can enabled/disabled for hosts/services, or for individual contacts. It's possible you could attempt to get creative with escalations, but that might potentially add a lot of needless complexity to the situation.

Mike,

If I have the script figure out who is NOT on call, couldn't it then just uncheck the "Enable Notifications" for that user's XI account? That way, only one contact group is needed and they would still retain permissions, just wouldn't get any notifications. I'll be playing with abrist's idea as well.

Thanks

[mguthrie]

If I have the script figure out who is NOT on call, couldn't it then just uncheck the "Enable Notifications" for that user's XI account? That way, only one contact group is needed and they would still retain permissions, just wouldn't get any notifications.

Yes, that should work.

[BanditBBS]

Just went over to my backup's desk and went over the two options. As I was telling him about them, I thought of an issue with the uncheck "Notifications Enabled" method. Some people will be members of multiple on call groups, so that will not work as they would get no notifications. Based on that, I will be using the abrist method (Once it works, it will get renamed to the Bandit Method(tm)) LOL

[abrist]

Just remember that template settings will not be inherited by the contact unless you set those settings on the contact to "skip". Best of luck.

[BanditBBS]

abrist, let me explain how I think I understand this will work and see if I am planning it properly. I'll use our network group as an example.

Code: Select all

Change all contacts to skip Notifications Enabled

Create contact group(network_all) and put all network users in it.
Create a contact template(network_all) and put the contact group(network_all) in it and have notifications disabled in the template.

Create a contact group(network_oncall) and put the primary on call user in it(this will be a static file written by script)
Create a contact template(network_oncall) and put contact_group(network_oncall) in it and have notifications enabled in the template.

Associated the 2 created contact groups with the switches, routers and other equipment.

If people are in both groups, will the no notifications in the all group override the notifications enabled in the oncall group?

Once I do this, every network group member should be able to see all their items in XI, but only the users in the oncall group will actually get notifications, correct?
My last question is, how does a user adjusting their notifications under their XI account affect this? For example, say I am in the network_oncall group, but I go into my XI account and make changes to notifications, will that override my changes to the contacts?

[BanditBBS]

If people are in both groups, will the no notifications in the all group override the notifications enabled in the oncall group?

Expanding on that question, I guess I can make all the group memberships be written as static configs by the script and ensure people are not in both groups so I don't have to worry about one overriding the other.

[abrist]

If people are in both groups, will the no notifications in the all group override the notifications enabled in the oncall group?

The topmost template will take precedence.

Once I do this, every network group member should be able to see all their items in XI, but only the users in the oncall group will actually get notifications, correct?

As long as they are a contact on those hosts, yes.

My last question is, how does a user adjusting their notifications under their XI account affect this? For example, say I am in the network_oncall group, but I go into my XI account and make changes to notifications, will that override my changes to the contacts?

All local settings, like those set through the actual contact, will always take precedence, even over settings inherited from a template. So it would be imperative that the contacts do not set their own notification options, at least those options concerning when and how to notify.

[BanditBBS]

abrist, it's me again!

Let me try and better explain my question earlier, as I still don't understand the answer

The topmost template will take precedence.

I will be putting all network team members in a contact group called "network_all" and that will have a contact template assigned to it that has notifications off. Inside that, there is user1, user2, user3, user5, user5. This group is used to give all network admins access to everything network related in XI.

I will have a second contact group called "network_oncall1" that will have the primary on call person in it (i.e. user1). This group will have another contact template that enables notifications.

The network_all group will be configured in XI. The network_oncall1 group will be a static configuration file created by my script whenever it is run, which will then also restart nagios so the file is read in. If I need to make network_all a static configuration file also, is there a specific order files are read in(alphabetical or something)? That way I can make sure user1 has notifications enabled.

My question, since user1 is in network_all that disables notification and also network_oncall which enables notifications, how do I make sure it is read in the order needed so that user1's notifications are enabled? If I need to make network_all a static configuration file also, is there a specific order files are read in(alphabetical or something)? That way I can make sure user1 has notifications enabled.

I know I rambled here, hopefully I explained this well enough.

Thanks for all the input so far!

[abrist]

You may want to setup the network_all group to "skip" notification options rather than disable them (as you would with the contact itself). This will make sure that the oncall template will not be overridden.

You should understand that this is pure theory at this point, I would appreciate an update on how well it worked in implementation.

[BanditBBS]

You should understand that this is pure theory at this point, I would appreciate an update on how well it worked in implementation.

Wow, I just laughed pretty good at that. I understand, it isn't a built in function of XI, just hoping I can get it working. Our on-call rotation schedule is already handled by a sharepoint site. I have a request in for them to automate the export of data and to call my script to create the configuration files. Once they have their part done I will test my part.

It may be a couple weeks before I report back to you, but I for sure will, so others will know if this works.