[ZBXNEXT-4113] Zabbix user with read access can acknowledge Created: 2017 Sep 20  Updated: 2024 Apr 10  Resolved: 2017 Sep 25

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: Frontend (F)
Affects Version/s: 3.4.1
Fix Version/s: None

Type: Change Request Priority: Trivial
Reporter: Ronny Pettersen Assignee: Unassigned
Resolution: Duplicate Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Sub-task
part of ZBXNEXT-18 Send an alert after trigger being ack... Closed
Team: Team C
Sprint: Sprint 17

 Description   

A user with role "Zabbix User" who have access to read a host, can also Acknowledge events.
This would normally be fine, but in the case of a non-logged in user - which is mapped to user Guest, it is not ok.
These acknowledges comes up as Anonymous.

Would it be possible to change so that non-autenticated users mapped to guest cannot do acknowledgements?

 Comments   
Comment by richlv [ 2017 Sep 20 ]

probably a duplicate of ZBX-3561
maybe more fine-grained permissions levels are eventually needed (like a separate permission to acknowledge)

Comment by Ronny Pettersen [ 2017 Sep 20 ]

Yes, I agree. This request could perhaps handle only non-authenticated users (mapped to guest)?
That is if this is something easier to solve. Unless it needs a complete review of acknowledge permission.

I would say that non-authenticated users is allowed to acknowledge is more of a bug than the whole of read-only users.
The title of this request could perhaps be: Do not allow acknowledgement by non-authenticated users
or something more along those lines?

Comment by richlv [ 2018 Oct 05 ]

This is closed as a duplicate, but not linked - could somebody please link this as a duplicate?

Generated at Fri Apr 26 11:25:25 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.