Hi Ton. Ton Voon wrote: > Hi Alex, > > I think the "read/write" attribute needs to be associated with the > contact. So this implementation looks more obvious (to me): > > define contact { > name person > contactgroups cg1,cg2,cg3 # means can submit commands > contactgroups_viewonly cg5,cg6 > } > > This would effectively mean the can_submit_commands attribute is > redundant, because you just use contactgroups_viewonly instead of > contactgroups.
The more I think about it, the more I think we are looking at this the wrong way. With file system or application permissions, we would assign a group to a folder/object, and then pick what rights the group would have. Why don't we do the same thing with Nagios? Leave the groups as they are, but modify the host and service contact_groups command? For example: define host{ host_name localhost contact_groups netops:rw, helpdesk:r } For backwards compatibility, if no permissions are set, the defaults would be rw so the following would be the same: define host{ host_name localhost contact_groups netops, helpdesk:r } If a user was in both the netops and helpdesk group, the user should have rw access. This will take a bit more work to implement, but I think it makes more sense. What do you think? Alex ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null