|
We are now on 1.8(3) w/ Ubuntu 10.04 and we still would love this functionality.
|
|
i'm assuming this is about access permissions on it services
|
|
Mail from Mike Cotrone to [email protected]:
Yes multi group level access. Thanks!
|
|
Added suggested patch for pruning the service tree.
I just realized that this doesn't work if you want to define services in the web interface, since it will hide any nodes that haven't got any children, making it hard to add children to the newly created (and now hinden) ndoe.
|
|
A way to hide/show specific IT services based on the user's group would be much appreciated. This could easily be tied into the current permission scheme by only showing IT Services for which the logged in user has permissions to access all of the underlying triggers.
|
|
I face the same issue. I define an TI hierarchy as follows:
- root
| _ Organization A (not associated with trigger, nor calculated) |
| __ Service A-1 |
| __ Service A-2 |
| __ Service A-3 |
| _ Organization B (not associated with trigger, nor calculated) |
| __ Service B-1 |
| __ Service B-2 |
| __ Service B-3 |
| _ Organization C (not associated with trigger, nor calculated) |
| __ Service C-1 |
| __ Service C-2 |
| __ Service C-3 |
Currently:
Users that monitor hosts at Organization A, are able to see "Organization B" and "Organization C" in the hierarchy, but not their children with triggers assigned.
Expected:
We would like to hide at all higher levels too, so that user that monitor Organization A, don't see Organization B and Organization C levels at all, if it's unrelated with them.
Proposal:
By default, hide all higher levels in the hierarchy to everyone, unless there is at least one trigger in its sub-hierarchy where the user has permission to read.
Another alternative would be to add a separate assignment of permissions per IT Service
|
|
Bump. Not sure if this is really a feature or whether it is a bug in permission structure TBH
|
|
working patch as of 2.4.7
http://balaioti.blogspot.fr/2013/12/zabbix-multi-tenant-it-services-working.html
|
|
yep, this one is strange, can't use it services if we want to share some zbx user logins ;[
|
|
There is a hack to do this but it's not ideal. We created a branch from root called Services, then created individual SLAs specific for each tenant user. All these SLAs created must have a trigger assigned to them and that trigger must be linked to a host that only the required users have permissions for.
It is also worth noting that Maps and Screens are also subject to the same disfunction. Therefore, you must have no screens with zero elements (they will show in the drop-down menu) and no maps without host or triggers in the same manner as above.
|
|
We are now on 3.0.1 and we still would love this functionality.
|
|
Can please also echo i plea to implement this functionality this is a great feature in Zabbix but i really only want users to see their own data not everything in IT services..
|
|
We're on 3.2 and we will love this functionality to be included in Zabbix!
|
|
Would love to see user / user group restrictions for IT services implemented
|
|
Thanks. We will see if we can get this into 4.0 .
|
|
We also need to restrict our customer users to see only their own IT services. As we're using Zabbix 3.0 it would be nice if it would be implemented also in this version.
|
|
pu,
this is quite unlikely to happen for an already released version. However, might be worth to get in touch with sales at zabbix dot com.
|
|
We need this feature. Hope to see in next big release.
|
|
Any update from Zabbix if this will be changed? Would be nice not to manually patch this.
Edit: One option could be to create custom views and use similar permissions setup as dashboards now have with public/private.
|
|
please fix it, is a must ..
|
|
When will it be enter in the roadmap?
|
|
ca6eca, likely not before (co-)sponsoring its development  .
|
|
Will the SLA restriction per user be implemented?
|
|
Please inform if possible the roadmap for this fix.
Is there any workaround?
|
|
Please informe if this will be implemented or if exists any workaround.
|
|
Agree. It's very important when we work with multiple customers. Please inform us.
|
|
Unfortunately I couldn't get an approve that it is going to be part of 4.4 . If there is an urge, as mentioned in comments above, someone needs to take the leadership of co-sponsoring this development and request the quote from the Sales team.
|
|
Dear Dimir,
The problem was detected in version 1.6, so I believe there was already investment to solve it.
I respect your suggestion, but that's my opinion.
Tks,
Celio di Cavalcanti
|
|
I agree with Celio.
|
|
I agree with Celio.
|
|
Look, I'm not a decision maker what goes into release. I was trying to get some attention to this issue and provide you with some input. I was told, there are more top-voted feature requests out there, waiting to be implemented. The "Votes" matter.
|
|
I have now voted. Please add this feature, many MSP use zabbix and this is a TOP feature!
|
|
Voted as well.
|
|
I implemented a quick workaround, perhaps he can help someone.
there is two prerequisite:
- username for your customer access as some kind of information (for me it's always 'cust-xxxx' for exemple, xxxx depending of the customer
- second level of the tree is named to match the customer who need access: for exemple i've x second level nodes with name like 'cust-xxxx, cust-yyyyy, cust-zzzz, ...'
- then the small snippet below simply check if the current logged in user start with 'cust-' (it's customer access), then if the xxxxx parts match between the user and the second level node.
- if it match, the node and all childs are displayed
- if it doesn't match, the node and all childs are filtered
- if the username doesn't starts with 'cust-', then nothing is done (admn and internal access)
see attached patch (username-filtering.patch)
|
|
This is a working solution as someone has already posted. i am using it in 4.4.6 and it works well.
http://balaioti.blogspot.fr/2013/12/zabbix-multi-tenant-it-services-working.html
My SLA is structured as group then one level down devices in the group and next level down triggers for the SLA
The only thing i changed in the above link was to comment out the line below. As this prevents a weird printout at the top of the screen above the Services headline.
#print_r($children['servicedownid']);
|
|
Thanks for the link to the blog. This helps me a lot.
Now I only need to use the API interface to mass insert services/trigger.
|
|
Hello Zabbix! Sorry to brother you but this feature is very, very important for us.
Please!, input this feature on roadmap.
Thank you in advance!
|
|
Hey all! We are working on massive improvements for service-related functionality. Support of user permissions for services is part of it. The functionality is planned to be delivered in Zabbix 6.0 LTS by the end of this year.
|
|
Looks like ZBXNEXT-6787 will implement this one.
|
|
This functionality was implemented under ZBXNEXT-6787 and available in 6.0.0alpha3 and later releases.
|
Generated at Wed Apr 24 00:05:07 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.
0001-Prune-the-IT-services-tree-of-nodes-with-no-triggers.patch
username-filtering.patch