[ZBX-23094] JIT Ldap provisioning does not appear to assign template permissions properly Created: 2023 Jul 13 Updated: 2023 Jul 19 Resolved: 2023 Jul 19 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Templates (T) |
| Affects Version/s: | 6.4.4 |
| Fix Version/s: | None |
| Type: | Problem report | Priority: | Major |
| Reporter: | Darrell Budic | Assignee: | Alexey Pustovalov |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | templates | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Zabbix 6.4.4 new installation |
||
| Attachments: |
Screen Shot 2023-07-12 at 6.31.09 PM.png
Screen Shot 2023-07-12 at 6.32.24 PM.png
|
||||||||
| Issue Links: |
|
||||||||
| Description |
|
Steps to reproduce:
Result: The new JIT user is created and assigned to a user group. Their Host Group access populates correctly, but their template/template group access does not seem to work even though it shows up in their user permissions tab. Updating group permissions does not seem to have any effect on the JIT user. Expected: |
| Comments |
| Comment by Alexey Pustovalov [ 2023 Jul 14 ] |
|
I see you provided read permissions to Templates group. Read permission does not allow perform modifications to any objects (including templates), that is why you do not see these templates in "Template groups" section. |
| Comment by Darrell Budic [ 2023 Jul 14 ] |
|
Ah, I had assumed that they would be able to see them with read permissions. Does that mean that you have to read/write permissions to the templates to assign them to a host? That was my original issue with LDAP created users, they couldn't assign templates to hosts via the API. |