-
Incident report
-
Resolution: Duplicate
-
Blocker
-
None
-
4.0.1
-
Ubuntu 18.04.1 LTS
PostgreSQL 10.5
Permission failure on Maps, Dashboard and Screens
In my environment, there are:
- a map ( M1) with all hosts involved in a group ( Group1 ) and images. Map is not shared with any groups or user.
- a map ( M2 ) with all hosts involved in a group ( Group2 ) and images. Map is not shared with any groups or user.
- a User group ( UG1 ) that can read and write to Group1
- a User ( U1 ) with Zabbix Admin role and it belongs to UG1
I cannot believe that U1 can see M2 map because it contains images! U1 cannot see Group2 hosts, but it can be also access to dashboard and screen if map is added in.
Please fix this vulnerability!
- duplicates
-
ZBXNEXT-4566 Permission zabbix administrator on maps with images
- Reopened