With user roles, you can control user access to specific UI elements and actions, define API method allow and deny lists, and more.
Before the introduction of user roles, the only way to restrict access to Zabbix features was to use the three hard-coded user types: Zabbix User, Zabbix Admin, and Zabbix Super Admin. This approach is not flexible enough and sometimes requires granting users excessive permissions.
User roles, first introduced in Zabbix 5.2, added an additional layer of permission flexibility and access control, with which you can define:
- Customer portal and read-only users
- Super administrators with limited permissions
- Fine-grained API access
- Customizable access to menu sections and subsections
- List of allowed/denied actions
- Default access rules for new elements and modules
Check out the video below to get familiar with this new functionality:
Let’s create a new administrator level role:
- To manage user roles, you must have a Super administrator type role
- Navigate to Administration → User roles menu section and press <Create user role>
- Enter role Name and set User type
- By default, all features available for the selected user type are granted
- Create an Allow or Deny list for specific API methods
- Remove access to actions which should not be permitted
- Press <Add> to save the user role
- Now you can go ahead and assign it to user
Tips and best practices:
- Zabbix user roles are based on the three pre-existing user types
- You can’t access restricted menu section with a direct URL
- You can’t perform restricted actions via API methods
- API method lists support wildcards. Host.* applies to all Host methods
- If Default access to new actions is enabled and new action permissions are added to Zabbix, users will automatically get access to such actions
- Default Super admin role cannot be modified or deleted
- Enabled modules, if present, will be automatically listed in the Access to modules sectio
Subscribe
Login
Please login to comment
0 Comments