CCM Limited Not Inheriting from Host Groups
Posted: Thu Jul 26, 2018 3:31 pm
Hello again. Now that I have the errors I was encountering with XI after upgrading dealt with, I'm encountering what I can only assume is an error in the permissions logic.
One of the big features we are wanting to make use of in 5.5 is the ability to have a limited role inside of CCM. I have been playing around and seem to have encountered a problem with having permission to view certain services.
I have a contact by the name of bobtest
I have a contactgroup with name EA-Admins
I have a hostgroup named ea-servers
I have several servers that are in the ea-servers group.
If I login as user bobtest with Limited CCM roles, all permissions granted other than for the Tools at bottom, I can go to CCM -> Services and add a new service.
If I attach that service directly to a host that bobtest is a contact for or is in a contactgroup attached to that host, bobtest can continue to see the defined service in CCM.
If I take a previously created service and add it to a host that bobtest is a contact for or is in a contactgroup attached to that host, bobtest can continue to see the defined service in CCM.
However, if I do not attach that service directly to a host, but instead attach it to a hostgroup that contains hosts that bobtest is a contact for or is in an attached contactgroup of which bobtest is a member, bobtest can no longer see that service in CCM.
In fact, if I attach the EA-Admins contactgroup directly to the defined service or even attach the bobtest contact directly to the service, bobtest still cannot see the service in CCM.
It seems the only inheritance is by having the contact or contactgroup of which the contact is a member directly attached to a host that the defined service is also directly attached. If this is by design it severely undermines the value of this functionality. If it isn't by design, then do you have any ideas as to what I am missing here?
FYI this is Nagios XI 5.5.2 running on a CentOS 7.5 system with a local MariaDB backend.
One of the big features we are wanting to make use of in 5.5 is the ability to have a limited role inside of CCM. I have been playing around and seem to have encountered a problem with having permission to view certain services.
I have a contact by the name of bobtest
I have a contactgroup with name EA-Admins
I have a hostgroup named ea-servers
I have several servers that are in the ea-servers group.
If I login as user bobtest with Limited CCM roles, all permissions granted other than for the Tools at bottom, I can go to CCM -> Services and add a new service.
If I attach that service directly to a host that bobtest is a contact for or is in a contactgroup attached to that host, bobtest can continue to see the defined service in CCM.
If I take a previously created service and add it to a host that bobtest is a contact for or is in a contactgroup attached to that host, bobtest can continue to see the defined service in CCM.
However, if I do not attach that service directly to a host, but instead attach it to a hostgroup that contains hosts that bobtest is a contact for or is in an attached contactgroup of which bobtest is a member, bobtest can no longer see that service in CCM.
In fact, if I attach the EA-Admins contactgroup directly to the defined service or even attach the bobtest contact directly to the service, bobtest still cannot see the service in CCM.
It seems the only inheritance is by having the contact or contactgroup of which the contact is a member directly attached to a host that the defined service is also directly attached. If this is by design it severely undermines the value of this functionality. If it isn't by design, then do you have any ideas as to what I am missing here?
FYI this is Nagios XI 5.5.2 running on a CentOS 7.5 system with a local MariaDB backend.