Manage users, contacts, and permissions

Overview

OP5 Monitor users are grouped into user groups, to which you can assign permissions for specific components and functions of OP5 Monitor.

A contact is a special type of user who exists mainly to receive notifications, although you can grant contacts specific access permissions for OP5 Monitor, if required. Contacts are grouped into contact groups, which are associated with a host or service to receive notifications for that host or service. Contact groups can also be nested in other contact groups.

User permissions and authentication

You manage user permissions in OP5 Monitor as follows:

  • By assigning rights to a user group. For more information, see Update user permissions.
  • Through the NagVis permissions function, for specific NagVis modules. Note that general rights to access and update NagVis are managed through group rights as for other functions. For more information, see NagVis permissions.

OP5 Monitor authentication is managed using authentication drivers. Each driver handles both the authentication of users and resolving group memberships for users. OP5 Monitor includes three authentication drivers — default, LDAP, and Apache.

OP5 Monitor is delivered with a default authentication module based on the default driver, which it uses to authenticate you when you first log in to OP5 Monitor. If you want to change the way users are authenticated when they log in, you can define additional authentication modules, based on one of the three authentication drivers, then associate them with local users you create in OP5 Monitor. For details of how to add or update authentication modules, see Add or update authentication modules.

Saving changes to the configuration database

When you configure changes in OP5 Monitor, you need to perform an additional save to the OP5 Monitor database. The only user-related configuration, the items you need to save to the configuration database are contacts and contact groups. For more information, see Saving configuration changes and viewing the changelog.

Manage user groups

All user group operations are performed with the Group rights function, including adding and deleting user groups, renaming user groups, and assigning permissions to user groups.

You need to create user groups for all local users and any contacts which need to have access to OP5 Monitor.

Create or update a user group

To create or update a user group:

  1. Click Manage > Configure.
  2. In the Permissions section, click Group rights.
  3. If you are creating a new user group, type the name in a blank field on the left.

    Note: To specify a user group that is an existing LDAP or Active Directory user group, ensure that the name matches the existing name.

  4. Update user permissions next to the user group, as required. For more information, see Update user permissions.
  5. Click Save.

Delete a user group

To delete a user group:

  1. Click Manage > Configure.
  2. In the Permissions section, click Group rights.
  3. Delete the group name in the field on the left.
  4. Click Save.

Manage users

Before you create a new user, create the user group as described in Create or update a user group.

Create a user

To create a new user:

  1. Click Manage > Configure.
  2. In the Permissions section, click Local users.
  3. Specify the user details in the Create new user section, including name, password, authentication modules, and group membership. All of these fields are mandatory.
  4. Click Create new user.

Update a user

To update a user:

  1. Click Manage > Configure.
  2. In the Permissions section, click Local users. OP5 Monitor displays details of existing users.
  3. Overwrite the existing user details and click Save username.

Delete a user

To delete a user:

  1. Click Manage > Configure.
  2. In the Permissions section, click Local users. OP5 Monitor displays details of existing users.
  3. Click Delete username.

Manage contact groups

Contact groups are standard OP5 Monitor configuration objects, so the following apply:

In the contact group configuration page, mandatory fields are designated by an asterisk (*).

Create or update a contact group

To create or update a contact group:

  1. Click Manage > Configure.
  2. In the Checks and notifications section, click Contact groups.
  3. If you are updating a contact group, in Contactgroup to edit, select the contact group from the drop-down list and click Go.
  4. Enter or update the contact group name details:
    • contactgroup_name — ID of the contact object
    • alias — name of the contact
  5. Select the contacts to add as members in members.
  6. Select the contact groups to add as members in contactgroup_members.
  7. Click Submit.

Delete a contact group

To delete a contact group:

  1. Click Manage > Configure.
  2. In the Checks and notifications section, click Contact groups.
  3. In Contact to edit, search for the contact or select the contact from the drop-down list and click Go.
  4. Click Delete.
  5. Click Submit.

Manage contacts

Contacts are standard OP5 Monitor configuration objects, so the following apply:

Before you create a contact, check that you have created the following:

Create or update a contact

To create a new contact:

  1. Click Manage > Configure.
  2. In the Checks and notifications section, click Contacts.
  3. If you are updating the contact, in Contact to edit, search for the contact or select the contact from the drop-down list and click Go.
  4. Select the template.
  5. Enter or update the contact name details:
    • contact_name — ID of the contact object
    • alias — name of the contact
  6. Update the other contact fields, as required. For more details, see Contact options.
  7. If you want to grant the contact access to OP5 Monitor, check the Configure access rights for this contact checkbox and specify the login details.
  8. Click Submit.

Delete a contact

To delete a contact:

  1. Click Manage > Configure.
  2. In the Checks and notifications section, click Contacts.
  3. In Contact to edit, search for the contact or select the contact from the drop-down list and click Go.
  4. Click Delete.
  5. Click Submit.

Update user permissions

You assign user permissions by updating rights at user group level. You can assign a whole category of rights, or individual rights within a category.

List of group rights

Nagios Auth

Group right Description
System information Access to the system or process information.
Configuration information Access to view configuration.
System commands Access to issue system commands in the user interface. See also Host and Service.

API

Group right Description
API command Access to the HTTP API commands interface, which allows users to issue external commands to Naemon. Commands that users are authorised to issue depend on their System Commands, Host Commands, and Service Commands settings.
API config Access to the HTTP API configuration interface, which allows users to update object configuration. Requires edit rights on the corresponding object type.
API report Access to the HTTP API report interface, which allows users to retrieve raw report data.
API status Access to the HTTP API status interface, which allows users to retrieve status information for monitoring objects.
API perfdata Access to the HTTP API perfdata interface, which allows user to retrieve the performance data of monitoring objects such as hosts and services.

Host

Group right Description
Host add delete Permissions to add and delete hosts.
Host view all Permissions to view all hosts.
Host view contact Permissions to view hosts for which the user is a contact.
Host edit all Permissions to edit all existing hosts, including commands and possibly object configuration, depending on configuration information.
Host edit contact Permissions to edit hosts for which the user is a contact, including commands and possibly object configuration, depending on configuration information.
Test this host Permissions to test the host configuration.

Host commands

Group right Description
Host command acknowledge Permissions to add and remove problem acknowledgements on hosts.
Host command add comment Permissions to add comments on hosts.
Host command schedule downtime Permissions to schedule host downtimes.
Host command check execution Permissions to start and stop running host checks and passive checks of hosts and their services.
Host command event handler Permissions to start and stop event handlers on hosts.
Host command flap detection Permissions to start and stop flap detection on hosts.
Host command notifications Permissions to start and stop notification sending from hosts and associated services.
Host command passive check Permissions to send passive check results to hosts.
Host command schedule check Permissions to send and reschedule checks on hosts and their services.
Host command send notification Permissions to send notifications for hosts.
Host command obsess Permissions to start and stop obsessing on hosts.

Host template

Group right Description
Host template add delete Permissions to add and delete host templates.
Host template view all Permissions to view host templates.
Host template edit all Permissions to edit host templates.

Service

Group right Description
Service add delete Permissions to add and delete services.
Service view all Permissions to view all services.
Service view contact Permissions to view services for which the user is a contact.
Service edit all Permissions to edit all existing services, including commands and possibly object configuration, depending on configuration information.
Service edit contact Permissions to edit services for which the user is a contact, including commands and possibly object configuration, depending on configuration information.
Test this service Permissions to test the service configuration.

Service commands

Group right Description
Service command acknowledge Permissions to add and remove problem acknowledgements on services.
Service command add comment Permissions to add comments on services.
Service command schedule downtime Permissions to schedule service downtimes.
Service command check execution Permissions to run and stop running service checks and passive checks on services.
Service command event handler Permissions to start and stop event handlers on services.
Service command flap detection Permissions to start and stop flap detection on services.
Service command notifications Permissions to start and stop notification sending from services.
Service command passive check Permissions to send passive check results to services.
Service command schedule check Permissions to send and reschedule checks on services.
Service command send notifications Permissions to send notifications for services.
Service command obsess Permissions to start and stop obsessing on services.

Service template

Group right Description
Service template add delete Permissions to add and delete service templates.
Service template view all Permissions to view service templates.
Service template edit all Permissions to edit service templates.

Host group

Group right Description
Host group add delete Permissions to add and delete host groups.
Host group view all Permissions to view all host groups.
Host group view contact Permissions to view host groups if they are a contact for all underlying hosts. When using LMD, the GroupAuthorization setting in lmd.ini may affect this.
Host group edit all Permissions to edit all existing host groups, including commands and possibly object configuration, depending on configuration information.
Host group edit contact Permissions to edit host groups for which the user is a contact, including commands and possibly object configuration, depending on configuration information.

Host group commands

Group right Description
Host group command schedule downtime Permissions to schedule downtimes for all hosts in a host group.
Host group command check execution Permissions to start and stop running checks and passive checks for all hosts in a host group.
Host group command send notifications Permissions to send notifications for all hosts in a host group.

Service group

Group right Description
Service group add delete Permissions to add and delete service groups.
Service group view all Permissions to view all service groups.
Service group view contact Permissions to view service groups if they are a contact for all underlying hosts. When using LMD, the GroupAuthorization setting in lmd.ini may affect this.
Service group edit all Permissions to edit all existing service groups, including commands and possibly object configuration, depending on configuration information.
Service group edit contact Permissions to edit service groups for which the user is a contact, including commands and possibly object configuration, depending on configuration information.

Service group commands

Group right Description
Service group command schedule downtime Permissions to schedule downtimes for all services in a service group.
Service group command check execution Permissions to start and stop running checks and passive checks for all services in a service group.
Service group command send notifications Permissions to send notifications for all services in a service group.

Host dependency

Group right Description
Host dependency add delete Permissions to add and delete host dependencies.
Host dependency view all Permissions to view host dependencies.
Host dependency edit all Permissions to edit host dependencies.

Service dependency

Group right Description
Service dependency add delete Permissions to add and delete service dependencies.
Service dependency view all Permissions to view service dependencies.
Service dependency edit all Permissions to edit service dependencies.

Host escalation

Group right Description
Host escalation add delete Permissions to add and delete host escalations.
Host escalation view all Permissions to view host escalations.
Host escalation edit all Permissions to edit host escalations.

Service escalation

Group right Description
Service escalation add delete Permissions to add and delete service escalations.
Service escalation view all Permissions to view service escalations.
Service escalation edit all Permissions to edit service escalations.

Contact

Group right Description
Contact add delete Permissions to add and delete contacts.
Contact view contact Permissions to view contact associated with user.
Contact view all Permissions to view all contacts.
Contact edit contact Permissions to edit contact associated with user.
Contact edit all Permissions to edit all contacts.

Contact template

Group right Description
Contact template add delete Permissions to add and delete contact templates.
Contact template view all Permissions to view all contact templates.
Contact template edit all Permissions to edit all contact templates.

Contact group

Group right Description
Contact group add delete Permissions to add and delete contact groups.
Contact group view contact Permissions to view their own contact groups.
Contact group view all Permissions to view all contact groups.
Contact group edit contact Permissions to edit own contact groups.
Contact group edit all Permissions to edit all contact groups.

Dashboard

Group right Description
Dashboard share Permissions to share dashboards with other users and groups.

Time period

Group right Description
Time period add delete Permissions to add and delete time periods.
Time period view all Permissions to view time periods.
Time period edit all Permissions to edit time periods.

Command

Group right Description
Command add delete Permissions to add and delete commands.
Command view all Permissions to view commands.
Command edit all Permissions to edit commands.
Test this command Permissions to test the command.

Management pack

Group right Description
Management pack add delete Permissions to add and delete management packs.
Management pack view all Permissions to view management packs.
Management pack edit all Permissions to edit management packs.

Configuration

Group right Description
Export Permissions to export own configuration changes.
Configuration all Permissions to export and import all configuration.

DokuWiki

Group right Description
Wiki Permissions to view, create, and update DokuWiki pages the user is authorised to see.
Wiki Admin Permissions to access the DokuWiki admin panel.

NagVis

Group right Description
NagVis add delete Global permissions to add and delete all NagVis maps.
NagVis view Global permissions to view all NagVis maps.
NagVis edit Global permissions to edit all NagVis maps.
NagVis admin Full permissions for NagVis, including global configuration.

Logger

Group right Description
Logger access Access to the Logger interface.
Logger configuration Permissions to modify Logger configuration.
Logger schedule archive search Permissions to schedule Logger searches in the archived logs.

Business services

Group right Description
Business services access Access to business services.

Trapper

Group right Description
Traps view all Permissions to view traps.

Misc

Group right Description of right
File Permissions to change the object storage file.
Access rights Permissions to edit access rights. This allows privilege escalation.
PNP Permissions to edit graph configuration.
Manage Trapper Permissions to manage handlers, modules, matchers, and logs for Trapper. To view or manipulate sub-states, you need permissions to view and edit the appropriate service, or all services if none match, instead.
Saved filters global Permissions to create and delete global filters for list views.

Group rights required per OP5 Monitor function

The following table lists the rights you need to use for specific functions of OP5 Monitor.

Function Rights
Save configuration Configuration > Export
Host Wizard

Misc > FILE

Api > Api Config

Host > Host Add Delete

Host Template > Host Template View All

Hostgroup > Hostgroup View All

Management Pack > Management Pack View All

Configuration > Export

 

Share a dashboard Dashboard > Dashboard Share

Update OP5 Monitor user permissions

Update OP5 Monitor user permissions as follows:

  1. Click Manage > Configure.
  2. In the Permissions section, click Group rights.
  3. Expand the category of rights, or click the Expand all button to view all rights at once.
  4. Check the required rights next to the user group. If only some of the rights in a category are selected, the checkbox is displayed with a minus sign instead of a tick.

Tip: Hover your cursor over each group right for a detailed description of its purpose.

Add or update authentication modules

The procedure below gives a brief overview of how to add and update authentication modules in OP5 Monitor. For a more detailed explanation of authentication drivers and advanced configuration options, see Authentication drivers.

Add or update an authentication module

To add or update an authentication module:

  1. Click Manage > Configure.
  2. In the Permissions section, click Authentication modules.
  3. Click Add new module or the tab of the module you want to update.
  4. If you are adding a new module, enter the Module Name and select the Driver Type from the drop-down list.
  5. Enter the other details for the module.
  6. In the common tab, change Default Auth to your new module.
  7. If required by your driver (such as Apache), check Enable Auto Login.
  8. Click Save.

Delete an authentication module

To delete an authentication module:

  1. Click the cross on the tab of the module you want to delete.
  2. Click OK in the confirmation prompt.