[#ZBXNEXT-4481] Reveal User group permissions in Host groups

[ZBXNEXT-4481] Reveal User group permissions in Host groups Created: 2018 Apr 04 Updated: 2019 Apr 09
Status:	Open
Project:	ZABBIX FEATURE REQUESTS
Component/s:	API (A), Frontend (F)
Affects Version/s:	3.0.16
Fix Version/s:	None

Type:

Change Request

Priority:

Major

Reporter:

Marc

Assignee:

Alexander Vladishev

Resolution:

Unresolved

Votes:

Labels:

adminuser, permissions, usability

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Description

In the configuration view of a User group Zabbix-Admins may find out easily what permission applies to which host group(s) resp. host(s).

But sometimes it is desirable to do the exercise the other way around too. That's to say, looking at a Host group and finding out which User groups apply permission to it and which users have finally access granted or explicitly denied.

Comments

Comment by Marc [ 2018 Jun 06 ]

Just hacked together this one after a request of an admin on site - maybe it's for the time being useful to anyone else too (see last condition of WHERE clause!):

zabbix=# SELECT ug.name user_group,
zabbix-#        p.name permission
zabbix-# FROM   groups hg,
zabbix-#        rights r,
zabbix-#        usrgrp ug,
zabbix-#        ( VALUES
zabbix(#         ( 1, 'Deny' ),
zabbix(#         ( 2, 'Read' ),
zabbix(#         ( 3, 'Read-Write' )
zabbix(#        ) AS p ( id, NAME )
zabbix-# WHERE  ug.usrgrpid = r.groupid
zabbix-#        AND r.permission = p.id
zabbix-#        AND r.id = hg.groupid
zabbix-#        AND hg.NAME = 'A Host group name one is interested in';
                  user_group                   |    permission
-----------------------------------------------+------------
 A User group                                  | Read-Write
 Another User group                            | Read
 Yet another User group                        | Read
 What shall I say, a User group                | Read

Should be fairly easy to extend it to reveal users behind user groups as well.

Comment by Marc [ 2019 Apr 09 ]

Similar statement working with MySQL (the one in the previous comment was for Postgres):

SELECT ug.NAME user_group,
       CASE
         WHEN r.permission = 1 THEN 'Deny'
         WHEN r.permission = 2 THEN 'Read'
         WHEN r.permissionis = 3 THEN 'Read-Write'
       END     AS permission
FROM   groups hg,
       rights r,
       usrgrp ug
WHERE  ug.usrgrpid = r.groupid
       AND r.id = hg.groupid
       AND hg.NAME = 'A Host group name one is interested in';

Generated at Wed Apr 24 01:21:55 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.

[ZBXNEXT-4481] Reveal User group permissions in Host groups Created: 2018 Apr 04 Updated: 2019 Apr 09