mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-25 14:54:24 +02:00
Matthias Jentsch
parent
edd1c2a1f3
commit
4a591db438
@ -29,7 +29,7 @@ section [Permissions](#permissions).
|
|||||||
|
|
||||||
There are all kinds of different objects in Icinga Web 2: Hosts, Services, Notifications, Downtimes and Events.
|
There are all kinds of different objects in Icinga Web 2: Hosts, Services, Notifications, Downtimes and Events.
|
||||||
|
|
||||||
By default, a user can **see everything**, but it is possible to **explicitly restrict** what each user can see using Restrictions.
|
By default, a user can **see everything**, but it is possible to **explicitly restrict** what each user can see using restrictions.
|
||||||
|
|
||||||
Restrictions are complex filter queries that describe what objects should be displayed to a user. Restrictions are described
|
Restrictions are complex filter queries that describe what objects should be displayed to a user. Restrictions are described
|
||||||
in greater detail in the section [Restrictions](#restrictions).
|
in greater detail in the section [Restrictions](#restrictions).
|
||||||
@ -42,7 +42,7 @@ For example, there might be user called **jdoe** authenticated
|
|||||||
using Active Directory, and a user **icingaadmin** that is authenticated using a MySQL-Database as backend. Both can be referenced by using their the user names **icingaadmin** or **jdoe**, when referring to those users in the configuration.
|
using Active Directory, and a user **icingaadmin** that is authenticated using a MySQL-Database as backend. Both can be referenced by using their the user names **icingaadmin** or **jdoe**, when referring to those users in the configuration.
|
||||||
|
|
||||||
Icinga Web 2 users and groups are not configured by a configuration file, but provided by
|
Icinga Web 2 users and groups are not configured by a configuration file, but provided by
|
||||||
an **authentication backend**. For extended information on setting up authentication backends and managing users, please read the chapter [authentication](authentication.md#authentication).
|
an **authentication backend**. For extended information on setting up authentication backends and managing users, please read the chapter [Authentication](authentication.md#authentication).
|
||||||
|
|
||||||
|
|
||||||
<div class="info-box">
|
<div class="info-box">
|
||||||
@ -59,12 +59,13 @@ can be found at **Configuration > Authentication > Users **.
|
|||||||
|
|
||||||
### Groups
|
### Groups
|
||||||
|
|
||||||
If there is a big amounts of users to manage, it would be tedious to specify each user
|
If there is a big amount of users to manage, it would be tedious to specify each user
|
||||||
separately when referring to a bigger group of users at once. Because of that, any user can be a member of multiple groups, and will inherit all permissions and restrictions.
|
separately when referring to a bigger group of users often. Because of that, it is possible to group users together into groups.
|
||||||
|
A user can be member of multiple groups and will inherit all permissions and restrictions.
|
||||||
|
|
||||||
Like users, groups are identified solely by their **name** that is provided by
|
Like users, groups are identified solely by their **name** that is provided by
|
||||||
a **group backend**. For extended information on setting up group backends,
|
a **group backend**. For extended information on setting up group backends,
|
||||||
please read the chapter [authentication](authentication.md#authentication).
|
please read the chapter [Authentication](authentication.md#authentication).
|
||||||
|
|
||||||
|
|
||||||
#### Managing Groups
|
#### Managing Groups
|
||||||
@ -140,10 +141,10 @@ are in the namespace **config/authentication**
|
|||||||
|
|
||||||
**Wildcards** can be used to grant permission for all actions in a certain namespace.
|
**Wildcards** can be used to grant permission for all actions in a certain namespace.
|
||||||
The permission **config/ ** would grant permission to all configuration actions,
|
The permission **config/ ** would grant permission to all configuration actions,
|
||||||
while just specifying a wildcard ** * ** would give permission for all actions.
|
while just specifying a wildcard * would give permission for all actions.
|
||||||
|
|
||||||
When multiple roles assign permissions to the same user, either directly or indirectly
|
When multiple roles assign permissions to the same user (either directly or indirectly
|
||||||
through a group, all permissions will be combined to get the users actual permission set.
|
through a group) all permissions can simply be added together to get the users actual permission set.
|
||||||
|
|
||||||
#### Global permissions
|
#### Global permissions
|
||||||
|
|
||||||
@ -187,7 +188,7 @@ are described in detail in [monitoring module documentation](/icingaweb2/doc/mod
|
|||||||
Restrictions can be used to define what a user or group can see by specifying
|
Restrictions can be used to define what a user or group can see by specifying
|
||||||
a filter expression. By default, when no restrictions are defined, a user will be able
|
a filter expression. By default, when no restrictions are defined, a user will be able
|
||||||
to see every object available. When a restriction is specified for a certain object type
|
to see every object available. When a restriction is specified for a certain object type
|
||||||
the user will only be able to see objects applied.
|
the user will only be able to see objects matched by those filters.
|
||||||
|
|
||||||
|
|
||||||
### Filterable Objects
|
### Filterable Objects
|
||||||
@ -200,12 +201,14 @@ are the objects provided by the monitoring module. The monitoring module provide
|
|||||||
**hosts** and **services** as filterable objects:
|
**hosts** and **services** as filterable objects:
|
||||||
|
|
||||||
|
|
||||||
| Keys | Restricts |
|
| Keys | Restricsts |
|
||||||
|----------------------------|-----------------------------------------------|
|
|----------------------------|-----------------------------------------------|
|
||||||
| monitoring/filter/objects | Applies host and service filters to all hosts |
|
| monitoring/filter/objects | Applies host and service filters to all hosts |
|
||||||
|
|
||||||
|
|
||||||
A complete list of all available filter columns can be found in
|
#### Filter Columns
|
||||||
|
|
||||||
|
Filters operate on object attributes. A complete list of all available filter columns on hosts and services can be found in
|
||||||
the [monitoring module documentation](/icingaweb2/doc/module/doc/chapter/monitoring-security#monitoring-security-restrictions).
|
the [monitoring module documentation](/icingaweb2/doc/module/doc/chapter/monitoring-security#monitoring-security-restrictions).
|
||||||
|
|
||||||
### Filter Expressions
|
### Filter Expressions
|
||||||
@ -287,4 +290,4 @@ Q: I cannot see the menu for changing roles in Icinga Web 2
|
|||||||
|
|
||||||
A: Your user lacks the permission to change the authentication configuration,
|
A: Your user lacks the permission to change the authentication configuration,
|
||||||
add a new role in roles.ini that gives your current user
|
add a new role in roles.ini that gives your current user
|
||||||
the permission to access **config/authentication/* **
|
the permission to access **config/authentication/**
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user