Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-1035

users can add graphs to hosts they have no access to

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.6.6
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:
      None
    • Environment:
      1.6.6

      Description

      default 1.6.6 installation.
      as admin, export default zabbix server and create new host in a new hostgroup, then create a new zabbix admin user that has read access to this new group only.

      log out, log in as the new user and import the exported template.

      it starts good by saying :
      "Host [ZABBIX Server] skipped - Access deny."

      then it continues with slightly more weird messages :
      "Trigger [FTP server is down on

      {HOSTNAME}

      ] skipped - missing host"

      but in the end, graph operations succeed when they should not have :
      "Graph "CPU Loads" added to hosts "ZABBIX Server"
      Graph "CPU Utilization" added to hosts "ZABBIX Server"
      Graph "Network utilization" added to hosts "ZABBIX Server"
      Graph "Disk usage" added to hosts "ZABBIX Server""

      log out, log in as admin and verify that graphs indeed have been added.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              richlv richlv
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: