|
|
| Subject: | Setting up Zenoss users with restricted views of the infrastructure |
| Author: | [Not Specified] |
| Posted: | 2015-07-23 09:16 |
Hi folks,
Trying to create a user in my Zenoss (Core 4.2.5+zenups) that can only view a certain subset of the devices. For instance we have all of our devices organized into Groups by Business Unit and I want to set up a login for users from a particular business unit to only view their group.
So I create the user, deselect the Roles (i.e. they are not Manager, ZenManager, or ZenUser)
Then under Administered Objects, I select Add Group and select /Groups/BusinessUnit
The user logs in and can see the list of devices that belong to /Groups/BusinessUnit
But if s/he clicks on a device they are prompted to login - they don't have any rights to the devices that belong to /Group/BusinessUnit
I'm guessing that adding a Group means they could view or modify the group (ie add/delete members) but they need unique and specific Administrated Objects access to the devices in their Group as well.
Am I missing something or is there no way to use a Group as a collection of Administrated Objects
Thanks
Dave
| Subject: | Dave, |
| Author: | Andrew Kirch |
| Posted: | 2015-07-23 14:19 |
Dave,
I believe this should work the way you describe. Please file a bug. http://jira.zenoss.com
Andrew Kirch
akirch@gvit.com
Need Zenoss support, consulting or custom development Look no further. Email or PM me!
Ready for Distributed Topology (collectors) for Zenoss 5 Coming May 1st from GoVanguard
| Subject: | Done |
| Author: | [Not Specified] |
| Posted: | 2015-07-24 12:01 |
Done
https://jira.zenoss.com/browse/ZEN-18924
| Subject: | Similate problem but now with Run Commands |
| Author: | [Not Specified] |
| Posted: | 2016-01-19 09:56 |
This procedure is solved now in Zenoss 5.0.3 (I tested and now is correct). Now the problem than I founded is when you try to execute a selected "Commands" on Event Console.
Same procedure : "I create the user, deselect the Roles (i.e. they are not Manager, ZenManager, or ZenUser)"
Now I go to Zope, /zport/dmd/Events/manage -> and select "Security" Tab and chage permissions over "Run Commands" just like that:
deselect "Acquire permission settings" , and select (Authenticated, Manager, Owner, ZenManager, ZenUser), and Save changes.
(This permits show the buttons named: "Commands" on EventConsole for any authenticated user)
Now you can go to the EventConsole, select any event, and "Commands" is available, but when you clic on the any command of the list, always you are redirected to loging form with this URL:
https://zenossHost/zport/acl_users/cookieAuthHelper/login_formcame_from=https%3A//zenossHost/zport/dmd/run_command
I founded the JS script to create the black CommandWindow, on /opt/zenoss/Products/ZenUI3/browser/resources/js/zenoss/EventPanels.js
But on this code only is described a "win.show()" code to finish CommandWindow.... No permissions or Rules seems affect.
| Subject: | So you were able to create |
| Author: | [Not Specified] |
| Posted: | 2016-01-21 14:11 |
So you were able to create users in Zenoss 5 that only see certain devices Can you confirm this, it is a functionality I am looking for. I would like to setup a master Zenoss server that has all the devices of clients but selected clients can only see their devices.
Manuel
| Subject: | Confirmed |
| Author: | [Not Specified] |
| Posted: | 2016-02-03 03:01 |
Yes, This is possible now (tested on Zenoss 5.0.3). The important step is when you create the user, you have to "deselect" the user Role with CTRL+Clic, therefore User has not any Role and Administrated Objects will be applied -> Only view this devices or objects on Events, Infrastructure ....
Now the problem is the command button doesn't run any command, always redirect to Login form. Before you have to give the permission Buttons on Zope , but It does not seem to be enough.
| Subject: | anyone have tryied this ??? |
| Author: | [Not Specified] |
| Posted: | 2016-11-29 05:35 |
Brief description of the problem:An user (created with my procedure config in Zenoss - view first post where I described the how to), is be able to view your own devices, events , but Commands (in Events page) is not permitted (Zenoss redirect to login page).
| < |
Previous Zenoss transform on /status/ping not clearing |
Next Network Map Problem ! |
> |