TECHZEN Zenoss User Community ARCHIVE  
FORUMS / Configuration & Administration / DISCUSSION

Zenoss Core 4.2.5, Management groups of devices

Subject: Zenoss Core 4.2.5, Management groups of devices
Author: Peter Konev
Posted: 2017-09-20 05:16

Hi Team,
I need to allow some users add/remove devices to/from groups. After i add rights "Manage Devices" to users for "Device" class and add some user to ZenManager group for some group, this user got the opportunity to add devices in group. But if i try delete device from group only i get error that the user not have rights to delete the device object.
I can add rights "Delete Device" for group zenuser, but in this case users will get access to delete devices object from monitoring system.

I attach two screenshots with my testuser rights list, first for Device class, and second for group "test".

Thank you.


------------------------------
Regards,
Peter Konev
------------------------------

Subject: RE: Zenoss Core 4.2.5, Management groups of devices
Author: Jane Curry
Posted: 2017-09-25 06:29

A few thoughts here...

I believe you are only trying to change a device's membership of a group here, not fundamentally add or delete devices or add or delete Device Groups?  Right????

Have you considered creating a new Role that allows what you want and then putting users into that role, rather than changing existing roles?

I have had a bit of a look through Device.py and Organizer.py and cannot see any reason why this isn't working for you - you need ZEN_COMMON, ZEN_VIEW and ZEN_CHANGE_DEVICE - but you seem to have all of those.

Have you considered using the Administered Objects technique to selectively permit users more authority for some categories of device?  It is old now but I wrote a paper way back - https://wwhttps://www.skills-1st.co.uk/papers/jane/users_events_zproperties_paper.pdfw.skills-1st.co.uk/papers/jane/users_events_zproperties_paper.pdf  that explored the sort of thing you are trying to do.  The GUI has changed a lot since then but the underlying users and roles code has changed very little.

You might explore using my UserRole ZenPack at https://github.com/jcurry/ZenPacks.skills1st.UserRoles/tree/4.x  

Cheers,
Jane

------------------------------
Jane Curry
Skills 1st United Kingdom
jane.curry@skills-1st.co.uk
------------------------------

Subject: RE: Zenoss Core 4.2.5, Management groups of devices
Author: Peter Konev
Posted: 2017-09-27 07:32

Hi Jane,

Thanks for reply. 
Yes i tried to give rights to some users for change devices membership of a group. For this i created new special role that called GroupManager, this role is local for Groups. I set to this role next privileges:


This user has next privileges to /zport/dmd container via role ZenUser:



I understand this is very strange, but with this privileges my user can add any device to group, but can't delete this device from group.

I want to try your ZenPack but link for Zenoss 4+ is not works.

Thank you.

Best Regards,
Peter.



2017-09-25 15:28 GMT+05:00 Jane Curry via Zenoss



--
Regards,
Peter.

Subject: RE: Zenoss Core 4.2.5, Management groups of devices
Author: Jane Curry
Posted: 2017-09-27 08:55

That github link that I gave should allow you to download the whole ZenPack.  If you just want the egg version, it is under the dist subdirectory -  https://github.com/jcurry/ZenPacks.skills1st.UserRoles/blob/4.x/dist/ZenPacks.skills1st.UserRoles-1.1.3-py2.7.egg .  There is a download button from there that should get you the egg file.

Cheers,
Jane

------------------------------
Jane Curry
Skills 1st United Kingdom
jane.curry@skills-1st.co.uk
------------------------------


< Previous
docker-pool full 		  Next
Integration with ServiceNow 		>