Self-compiled Zabbix 1.8.4 on Debian GNU/Linux Lenny 32-Bit

Andreas,

It is supposed to work this way. Only resources with write permissions can be used for configuration. For example: a host with read-write access can be added to a map.

Alexei,

I'd have to agree with Andreas that this seems to be counter-intuitive and breaks functionality and security of the system.

For example, if an admin user who has complete RW access to numerous systems in their own groups needs to simply change the name of one of their systems, they would not be able to if they don't have RW permissions on the linked template. This causes people to be LESS secure, as they need to grant RW to these admins to templates – which is not preferable.

In order to modify a template, a user should need RW access; in order to link to a template, a user should only need R.

-Michael

I agree with Michael and Andreas. I would like to be able to allow some of my admins to link their hosts to the global templates, but change them. As it stands, in order for their hosts to inherit the items from the global templates, I have to either a) assign them write access to the "Templates" group, allowing them to modify any template therein, b) make a copy of the templates they need in a group to which they have write access, which allows them to change the template and could become very cumbersome to maintain for several distinct groups with such requirements.

We also have a model where we have template admins and host admins , only template admins are allowed to change the templates.
We really woud like to see that we don't need to give full access on our templates to our host admins.
Is it possible to review the current resolution.

Alexei and others,

When an admin has only RO access to the templates but RW access to the host, it is possible for this restricted admin to unlink the template from the host. If linking has to have RW access, why unlinking does not has to have this rights?

We would like some admins to have RW access to the hosts they are watching, but we don't want to give them RW access to the templates these hosts use. Read Only would the right setting for them, they must not be able to change the templates. Is there a way to get this done?

We are having problems where inexperienced users mistakenly edit Templates. This globally breaks the Template for all Hosts.

We need to prevent these users from editting Templates, but still allow them to assign Templates to Hosts.

jan-paul at the 2011 Jun 20 16:18 mentioned that "Unlink" is possible, but actually it's not possible. Actually only "Unlink and clean" is possible.

Linked issue ZBX-4515

Reopened. It will be reconsidered in future.
No ETA.

I think it's linked with https://support.zabbix.com/browse/ZBX-5108.
I think 1.8.x should behave in the same manner as 2.x.

Related issue: ZBX-5601

Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-3534

TESTED

Fixed in versions pre-2.1.0 (beta) r32860, pre-2.0.5rc1 r32859

Please note this in the API changelog as well.

Eduards API changelog updated.

jelisejev Thank you.