Authorization

About

Authorizations to view and edit objects within OP5 Monitor are configured using the Group rights tool under the Configuration drop-down menu.

Group rights

Authorizations are only set on groups. Hovering the mouse over an authorization point will make a tool tip appear, explaining what the setting does. This will highlight the corresponding group and setting.

Expand/Contract authorization categories

The authorization categories are contracted by default. You can either choose to expand or contract all categories simultaneously by clicking the Expand All and Contract All buttons:

or expand or contract them individually by clicking the +/- sign underneath each category:

Select/Deselect all rights

To select or de-select all the rights in a group of rights (for example: "Host"), check the box below the group of rights that you would like to add or remove:

The minus sign (minus) in the checkbox means that the group of rights is partially selected. In other words, some but not all rights in the group are checked.

Lookup user

You can find out which groups a user is a member of by entering a username in the Lookup user text box and clicking the Lookup button:

The groups that the user is a member will be highlighted and the authentication driver that they belong to will be indicated with an X.

You will also get a list of additional groups the user is a member of underneath the Lookup user text box. An empty search string will hide the list and remove the highlights.

Filter groups

By adding a filter text in the Filter groups text box and clicking Filter groups you can set a filter on the visible groups.

Wildcard characters are neither supported nor needed. For example the filter strings "ad", "a" and "min" will all match a group called "admins".

An empty filter string will reset the filter

Add, delete, rename groups

Renaming a group is done by typing a new name in the group name text box.

In the GUI you can create one new group each submit by filling the blank text box with the group name you want to create. To add a LDAP or Active Directory group type in the name of the group as it is named in your LDAP or Active Directory. Deletion of groups is done by removing the group name from the text box and leaving it blank when submitting your changes.

Configuration files used by authorization

The file '/etc/op5/auth_groups.yml' consists of all defined groups and their respective permissions. The GUI does not have to be used to edit authorization but we recommend that you use it to avoid syntax problems.

Authorization points

Authorization pointDescription
System informationGives the user access to the system/process information.
Configuration InformationGives the user access to view and change configuration
System CommandsGives the user access to issuing commands in the web GUI.
Api CommandGives the user access to the HTTP-API commands interface which allows users issue external commands to Naemon. Authorized commands are dependent on if the user has 'system_commands' for system wide commands, 'host edit' and 'service edit' for host/service specific commands.
Api ConfigGives the user access to the HTTP-API configuration interface. Requires edit rights on corresponding object type.
Api StatusGives the user access to the HTTP-API status interface. Requires edit rights on corresponding object type.
Api ReportGrants the user access to the HTTP-API report interface which allows users to fetch raw report data. Requires edit rights on corresponding object type.
Host Add DeleteGives the user right to add and delete hosts.
Host View AllGives the user right to view all hosts.
Host View ContactGives the user right to view hosts that he/she is contact for.
Host Edit AllGives the user right to edit all existing hosts.
Host Edit ContactGives the user right to edit hosts that he/she is contact for.
Host Command AcknowledgeGrants the user permissions to add and remove problem acknowledgments on hosts.
Test This HostGives the user right to test the host that is being configured.
Service Add DeleteGives the user right to add and delete services.
Service View AllGives the user right to view all services.
Service View ContactGives the user right to view services of which one is a contact.
Service Edit AllGives the user right to edit all existing services.
Service Edit ContactGives the user right to edit services that he/she is contact for.
Test This ServiceGives the user right to test the service that is being configured.
Hostgroup Add DeleteGives the user right to add and delete host groups.
Hostgroup View AllGives the user right to view all host groups.
Hostgroup View ContactGives the user right to view host groups for which one is a contact.
Hostgroup Edit AllGives the user right to edit all existing host groups.
Hostgroup Edit ContactGives the user right to edit host groups for which one is a contact.
Servicegroup Add DeleteGives the user right to add and delete service groups.
Servicegroup View AllGives the user right to view all service groups.
Servicegroup View ContactGives the user right to view service groups for which one is a contact.
Servicegroup Edit AllGives the user right to edit all service groups.
Servicegroup Edit ContactGives the user right to edit service groups for which one is a contact.
Hostdependency Add DeleteGives the user right to add and delete host dependencies.
Hostdependency View AllGives the user right to view host dependencies.
Hostdependency Edit AllGives the user right to edit host dependencies.
Servicedependency Add DeleteGives the user right to add and delete service dependencies.
Servicedependency View AllGives the user right to view service dependencies.
Servicedependency Edit AllGives the user right to edit service dependencies.
Hostescalation Add DeleteGives the user right to add and delete host escalations.
Hostescalation View AllGives the user right to view host escalations.
Hostescalation Edit AllGives the user right to edit host escalations.
Serviceescalation Add DeleteGives the user right to add and delete service escalations.
Serviceescalation View AllGives the user right to view service escalations.
Serviceescalation Edit AllGives the user right to edit service escalations.
Contact Add DeleteGives the user right to add and delete contacts.
Contact View AllGives the user right to view contacts.
Contact Edit AllGives the user right to edit contacts.
Contactgroup Add DeleteGives the user right to add and delete contact groups.
Contactgroup View AllGives the user right to view contact groups.
Contactgroup Edit AllGives the user right to edit contact groups.
Timeperiod Add DeleteGives the user right to add and delete time periods.
Timeperiod View AllGives the user right to view time periods.
Timeperiod Edit AllGives the user right to edit time periods.
Command Add DeleteGives the user right to add and delete commands.
Command View AllGives the user right to view commands.
Command Edit AllGives the user right to edit commands.
Test This CommandGives the user right to execute commands.
TemplateGives the user right to view and change templates.
WikiGives the user right to view, create and change Dokuwiki pages for objects one is authorized to see.
Wiki AdminGives the user right to access the Dokuwiki admin panel.
FileGives the user right to change the file that stores an object.
Access RightsGives the user right to edit access rights.
PNPGives the user right to access graphs.
Saved Filters GlobalGives the user right to create and delete global filters for listviews.
ExportGives the user right to export or save one's own configuration.
Host Template View AllGives the user right to view host templates.
Host Template Edit AllGives the user right to edit host templates.
Host Template Add DeleteGives the user right to add and delete host templates.
Service Template View AllGives the user right to view service templates.
Service Template Edit AllGives the user right to edit service templates.
Service Template Add DeleteGives the user right to add and delete service templates.
Contact Template View AllGives the user right to view contact templates.
Contact Template Edit AllGives the user right to edit contact templates.
Contact Template Add DeleteGives the user right to add and delete contact templates.
Configuration AllGives the user right to export and import all configuration.
Nagvis Add DeleteGlobal permission to add and delete all NagVis maps.
Nagvis ViewGlobal permission to view all NagVis maps.
Nagvis EditGlobal permission to edit all NagVis maps.
Nagvis AdminGet full permission for NagVis, including global configuration
Logger AccessGives user access to view the Logger interface
Logger ConfigurationGives user access to modify Logger configuration
Logger Schedule Archive SearchGives user access to schedule Logger searches in archived logs