Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15141

Permissions failure

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Duplicate
    • Icon: Blocker Blocker
    • None
    • 4.0.1
    • Frontend (F)
    • Ubuntu 18.04.1 LTS
      PostgreSQL 10.5

      Permission failure on Maps, Dashboard and Screens

      In my environment, there are:

      • a map ( M1) with all hosts involved in a group ( Group1 ) and images. Map is not shared with any groups or user.
      • a map ( M2 ) with all hosts involved in a group ( Group2 ) and images. Map is not shared with any groups or user.
      • a User group ( UG1 ) that can read and write to Group1
      • a User ( U1 ) with Zabbix Admin role and it belongs to UG1

      I cannot believe that U1 can see M2 map because it contains images! U1 cannot see Group2 hosts, but it can be also access to dashboard and screen if map is added in.

      Please fix this vulnerability!

        1. Screenshot_20181109_171510.png
          Screenshot_20181109_171510.png
          8 kB
        2. Screenshot_20181109_171529.png
          Screenshot_20181109_171529.png
          11 kB

            zabbix.dev Zabbix Development Team
            alxtom Alex Tomasello
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: