On Nov 15, 2006, at 1:48 AM, Chlupáček Pavel wrote:
Folks,
Is there any explanation how the admins and user
rights work in the system?
Is there any way to restrict content of information
displayed for users (i.e. per particullar system)?
Essentially I am looking for:
r/w right assigment per either group
or system assotiation
view right addignments per either
group or system.
Pavel,
Zenoss inherits the Zope security model, and Zope security has always
been a bit difficult to work with. The problem is that Zope is very
secure *and* very specific. There are many kinds of "write" and
"read" in Zope. For a full list, you can view the "security" tab at
http://localhost:8080/manage
That being said, here are some things to consider:
* You can create administrative "roles" (/Management/Settings) and
use those to annotate devices per user (this is good for keeping
track of who manages what); this doesn't address your question, but
perhaps may be useful for you.
* You can navigate to a resource in Zenoss where you want to manage
permissions, and then access the Zope security management for that
resource by appending "/manage_access" to the URL -- WARNING! do not
make changes unless you have read about and understand Zope security!
(see link below)
* You can add more roles by navigating to /zport/acl_users/
roleManager/manage_roles and clicking the "Add a role" link. Note,
however, that any roles you add here will not show up in list of
roles at /zport/dmd/ZenUsers/<username>
* You can assign users to roles by clicking the "?" under the
"Assignments" column at the location mentioned in the previous bullet.
Again, please be very careful if/when making changes like this. Be
sure you know what you are doing. The Zope 2.6 book has a section on
Zope security that you should read:
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/
Security.stx
We use a more modern, extensible acl_users folder than what was
available at the time of Zope 2.6, but the underlying principles are
the same (even though the UI for managing users and roles has changed).
(Note that the 2.7 edition of the book hosted on plope.com is down
right now.)
Extended support for user management is one of the topics that comes
up frequently in conversation here, and we've laid a great deal of
ground work in order to support future enhancements (such as LDAP and
Active Directory support).
In the morning, Erik may have more to add as well as potentially
better approaches than what I have described above in the bullets.
d_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
