Nagios Support Forum

Good afternoon,

When exploring user permissions and applying restrictive policies to prevent users from altering config files for host, I had set the following settings in the provided screenshot. When testing against these settings, the test user was able still to alter the configuration file for the host and save the configuration. Could you please provide me some guidance on how to set this properly.

Thank you and have a great day,

Joseph

Hi mrjsokol,
I have just tested this on my Nagios XI 5.7.5.
Nagios XI:
- My "test" user do not have permission to change configuration services (so works as defined).

Nagios Core:
- Basic auth (credentials) are cached from last login. If you are using basic auth, you must clear the browser cache to login as a different user.
- Please NOTE that there is NO logout button for Nagios Core, you must clear browser cache to login as another user.

To clear cache:
Ctrl+Shift+Delete > click "Clear Data"


Regards,
Vinh

Good evening,

I had cleared cache and did not prevent my user from changing configurations. I had verified that after clearing cache and only logging into that user that this was the case. I have PM'ed you the profile that you may look at the issue further.

Hi,
Here's the URL that would give you more info as to Understanding User Rights:
https://assets.nagios.com/downloads/nag ... Rights.pdf


Regards,
Vinh

Good morning,

As per your documentation and my screenshot, the read only permission is checked but was able to alter the configuration. If this is not suppose to work as intended in the documentation or there is an issue with my installation, could you please provide a solution.

"Basic Read-Only User
Common settings for a basic user who can see all
hosts and services that are being monitored, but who
cannot re-configure anything or submit commands to
the monitoring engine is shown in the image to the
right."

Hi mrjsokol,
Would it be possible that you take and upload screenshots for those user permission issues?

I am assuming the issue you were talking might be for Nagios Core, not Nagios XI .... but pictures would help.


Regards,
Vinh

Good morning,

The pictures were posted in the very first post and it is regarding the latest version of XI.

Hi mrjsokol,
I have confirmed this with my teammate as well.

"Can see all hosts and services" checked on the user, he can edit every host/service object in the CCM because limited access says: Also, sInce "Hosts" and "Services" are NOT part of that "Limited" list (below), user will be able to alter them.
Your only choise is to set that to "None". Regards,
Vinh

Good evening,

I have confirmed that the setting removes the user from even accessing those pages. Is there a way a user is able to view the settings without having the ability to alter them?

Hi,
As stated on the last reply. Host and Service are not part of the Limited list.

Sorry!!

Regards,
Vinh