Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-24250

SAML: Member of multiple groups does not get the role with highest permission level

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Duplicate
    • Icon: Trivial Trivial
    • None
    • 6.4.12
    • None
    • None
    • Zabbix in container (ubuntu) with postgres

      Steps to reproduce:

      1. SSO with Azure AD / SAML (see attached screenshots)
      2. The roles (builtin "Super Admin role" and a custom role with restricted permissions of User type "Super admin") are mapped to two AD groups in SAML config
      3. User is member of both AD groups
      4. User signs into Zabbix

      Result:
      User gets custom role assigned, which has restricted permissions

      Expected:
      User gets role "Super admin role" assigned
      -> Based on the docs: If a user matches several Zabbix user roles, the user will get the highest permission level among them

      We use the User type "Super admin" to give the members access to all host groups, even newly created ones.

        1. image-2024-03-21-09-48-44-267.png
          image-2024-03-21-09-48-44-267.png
          102 kB
        2. image-2024-03-21-09-50-54-713.png
          image-2024-03-21-09-50-54-713.png
          56 kB
        3. image-2024-03-21-09-52-39-694.png
          image-2024-03-21-09-52-39-694.png
          52 kB

            azyla Arkadiusz Zyla
            DrumPlayingSquid Arno Nym
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: