configuration.export API method allows user to export host that is read-only

XMLWordPrintable

    • Type: Problem report
    • Resolution: Unsupported version
    • Priority: Trivial
    • None
    • Affects Version/s: 3.0.24, 4.0.3, 4.2.0alpha2
    • Component/s: API (A), Frontend (F)

      When user has read-only permission to host, it's not visible in configuration, so it's not possible to export it. Although using API it's possible. This applies not only to admin users, but regular users and guests, that have no access to configuration, but still are able to export hosts with all the (sensitive) data.

      a) Allow frontend to export read-only hosts?
      b) Prohibit exporting read-only hosts via API?

            Assignee:
            Zabbix Development Team
            Reporter:
            Ivo Kurzemnieks
            Team B
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: