Zabbix currently requires users to have the Zabbix Super Admin access level in order to create host groups even if their other permissions give them read-write access to all host groups.
I am my company's primary Zabbix administrator. We have engineers who need to have full access to both create and modify hosts and host groups in order to do their jobs, but our security policies strongly discourage giving anyone other than the Zabbix administrators access to do things such as modify users and the basic configuration of the server. This lack of fine-grained permissions control puts me in the uncomfortable position of having to give engineers access to functions they have no business having access to in order to give them access to functions they need in order to do their jobs.
There are a number of possible solutions to this problem:
- Allow anyone who has read-write access to all host groups to create host groups.
- Have a global configuration option that toggles between the above behavior and the existing behavior.
- Put a checkbox on each user's configuration page saying "User can create host groups".
Thank you for your time.