[ZBXNEXT-4091] Permission design for Dashboards in 3.4 Created: 2017 Sep 06  Updated: 2024 Apr 10  Resolved: 2018 Jun 03

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: 3.4.1
Fix Version/s: 3.4.2rc1, 4.0.0alpha1, 4.0 (plan)

Type: Change Request Priority: Trivial
Reporter: Dmitrijs Lamberts Assignee: Alexander Vladishev
Resolution: Fixed Votes: 1
Labels: dashboard, permissions
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Sub-task
depends on ZBX-13021 3.4 whatsnew does not mention dashboa... Closed
Epic Link: DEV-654
Team: Team B
Sprint: Sprint 16, Sprint 33, Sprint 34, Sprint 35
Story Points: 0.5

 Description   

Problem
All users with Zabbix Admin permission can change every dashboard even if all user groups are added with read only sharing.

Requirements
It would be better to have the dashboard permissions like this:

  • Only Zabbix Super admin should be able to change default dashboard (ID=1). This should not be possible to delete - or it should be possible to set any dashboard as the "default" dashboard.
  • Only Zabbix Super admin should be able to change any other dashboard, unless readwrite access is granted
  • When user have no permission to edit, the button should be "Copy and edit" (or just "Clone"). Default permissions on new Dashboard should be that it is a private dashboard.

The problem is that some users with Admin user type may consider Public dashboards as their own and simply delete them which will affect all users.
Besides, no easy way to make an easy backup of dashboards, so such case will lead to full re-make of deleted dashboards.

 Comments   
Comment by Valdis Murzins [ 2017 Sep 13 ]

It was decided to change permission rules in dashboards for Zabbix Admin type users:

  • They should be able to see and clone dashboard, only if they have READ rights on it.
  • They should be able to edit and delete dashboard only if they have READ/WRITE rights on it.
  • They should not be able to change owner of dashboard.
Comment by Alexander Vladishev [ 2017 Sep 13 ]

Fixed in dev branch svn://svn.zabbix.com/branches/dev/ZBXNEXT-4091

Comment by Ronny Pettersen [ 2017 Sep 13 ]

How would this affect the Public/Private setting? What effect does this setting really have?

I would also set the default permissions whenever a user clones/creates a new dashboard:

  • Private
  • Noone have READ access
  • Only user have READ/WRITE
Comment by Alexander Vladishev [ 2017 Sep 13 ]

ronny.pettersen, Zabbix administrators will have same permissions to a dashboard as generic Zabbix users.

Comment by Ronny Pettersen [ 2017 Sep 13 ]

Ok, sounds good. Thanks

Comment by Alexander Vladishev [ 2017 Sep 13 ]

(1) Translation strings changes

Strings added:

  • Only super admins can set dashboard owner.

Strings deleted:

  • Only administrators can set dashboard owner.

Miks.Kronkalns CLOSED

Comment by Alexander Vladishev [ 2017 Sep 14 ]

Available in:

  • 3.4.2rc1 r72677
  • 4.0.0alpha1 (trunk) r72678
Comment by Alexander Vladishev [ 2017 Sep 14 ]

(2) [D] Documentation needs to be updated

martins-v Updated documentation:

Please review.

sasha Excellent! CLOSED

Generated at Thu Apr 25 01:55:34 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.