tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-23 05:44:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

doc/security: Add note about module permissions

Browse Source 
refs #9644
This commit is contained in:
Eric Lippmann 2015-07-27 15:07:43 +02:00
parent ec5bebea95
commit de29d66005
1 changed files with 31 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/security.md
View File

@ -149,22 +149,26 @@ are in the namespace `config/modules`
The permission `config/*` would grant permission to all configuration actions,
while just specifying a wildcard `*` would give permission for all actions.
Access to modules is restricted to users who have the related module permission granted. Icinga Web 2 provides
a module permission in the format `module/<moduleName>` for each installed module.
When multiple roles assign permissions to the same user (either directly or indirectly
through a group) all permissions can simply be added together to get the users actual permission set.
through a group) all permissions are added together to get the users actual permission set.
#### Global permissions
### Global Permissions
Name | Permits
-------------------------------------|-----------------------------------------------------------------
* | Allow everything, including module-specific permissions
config/* | Allow all configuration actions
config/modules | Allow enabling or disabling modules
Name | Permits
--------------- ----|--------------------------------------------------------
* | Allow everything, including module-specific permissions
config/* | Allow all configuration actions
config/modules | Allow enabling or disabling modules
module/<moduleName> | Allow access to module <moduleName>
#### Monitoring module permissions
### Monitoring Module Permissions
The built-in monitoring module defines an additional set of permissions, that
is described in detail in [monitoring module documentation](/icingaweb2/doc/module/doc/chapter/monitoring-security#monitoring-security).
is described in detail in the [monitoring module documentation](/icingaweb2/doc/module/doc/chapter/monitoring-security#monitoring-security).
## <a id="restrictions"></a> Restrictions