Documentation task
Resolution: Fixed
Major
2.2.2
Sprint 26, Sprint 27
0
This issue is about a probably well-known problem in connection with template inheritance and its permissions.
Template inheritance example:
Linux template -> Service1 template -> some hosts
Linux template -> Service2 template -> some hosts
Linux template -> Service<n> template -> some hosts
Linux template -> lots of other hosts
Linux administrator has write permission to Linux template and all related hosts.
Service operator has write permission to his or her service template and related hosts.
Now when the Linux administrator creates an item in the Linux template, then this operation succeeds without any error.
In fact the item gets created in all hosts except the ones behind the service templates.
When the Linux administrator then creates a trigger in the same template based on the same item, the operation fails because of the missing item behind the service templates.
This appears really not trivial to solve and there's a lot of room for discussion about what would be the "right" behavior.
Anyhow, for now I'd appreciate the API item creation request either to succeed with a proper warning or to fail (of course with a proper message as well).
At least it should be somehow noticeable so that a Zabbix-Super-Admin may re-save the item in question to assure consistency.
If such (interim) behavior is still out of the question, I'd expect the trigger creation to work the same way the item creation does (successful creation on hosts with proper permission) - which would still result in inconsistent inheritance though.
I heard that the current behavior/limitation should already have been documented but I haven't found it yet.
Possibly one could add a link to one of these places:
https://www.zabbix.com/documentation/2.2/manual/config/templates/nesting
https://www.zabbix.com/documentation/2.2/manual/config/users_and_usergroups/permissions
https://www.zabbix.com/documentation/2.2/manual/appendix/faq
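
Added example, not part of the original report and not Zabbix code or its API: a small Python model of the behaviour described above, including the kind of consistency check that would make the gap noticeable. It assumes propagation stops silently at a template the user cannot write; the topology, permission set, function names and the item key `demo.key` are constructed for illustration.

```python
"""Toy model of the reported behaviour; not Zabbix code or its API."""
from collections import deque

# Constructed topology: parent -> directly linked templates/hosts.
LINKS = {
    "Linux template": ["Service1 template", "Service2 template", "host-plain"],
    "Service1 template": ["host-svc1"],
    "Service2 template": ["host-svc2"],
}
# Constructed permissions: the Linux administrator cannot write the service templates.
ADMIN_WRITABLE = {"Linux template", "host-plain", "host-svc1", "host-svc2"}


def descendants(links, root):
    """All templates and hosts that inherit from root, breadth-first."""
    seen, queue = [], deque(links.get(root, []))
    while queue:
        node = queue.popleft()
        if node not in seen:
            seen.append(node)
            queue.extend(links.get(node, []))
    return seen


def create_item(links, writable, items, root, key):
    """Assumed rule: propagation silently stops at a node the user cannot write."""
    if root not in writable:
        raise PermissionError(root)
    items.setdefault(root, set()).add(key)
    for child in links.get(root, []):
        if child in writable:
            create_item(links, writable, items, child, key)
    return items


def missing_inherited(links, items, root, key):
    """Consistency check: inheritors of root that lack an item root defines."""
    return [n for n in descendants(links, root) if key not in items.get(n, set())]


def create_trigger(links, items, root, key):
    """Trigger creation needs the item on every inheritor, so it fails loudly."""
    gaps = missing_inherited(links, items, root, key)
    if gaps:
        raise LookupError(f"item {key!r} missing on: {', '.join(gaps)}")
    return [root] + descendants(links, root)
```

Running `missing_inherited` right after `create_item` gives the list of templates and hosts a super admin would need to repair by re-saving the item with full write access.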