By default Zenoss has an admin role (Manager) and a read-only role
(ZenUser). You can parse out the security setup in a very fine-grained
way using the Zope security model that Duncan describes
below. In general, allowing devices to be assigned to different users
is something we would like to make easier, but it's another task on the
long list :)
-EAD
On Nov 15, 2006, at 4:43 AM, Duncan McGreggor wrote:
On Nov 15, 2006, at 1:48 AM, Chlupáček Pavel wrote:
Folks,
Is there any explanation how the admins and user
rights work in the system?
Is there any way to restrict content of
information displayed for users (i.e. per particular system)?
Essentially I am looking for:
* r/w right assignment per either group or system association
* view right assignments per either group or system.
Pavel,
Zenoss inherits the Zope security model, and Zope security has
always been a bit difficult to work with. The problem is that Zope
is very secure *and* very specific. There are many kinds of "write"
and "read" in Zope. For a full list, you can view the "security"
tab at http://localhost:8080/manage
That being said, here are some things to consider:
* You can create administrative "roles" (/Management/Settings) and
use those to annotate devices per user (this is good for keeping
track of who manages what); this doesn't address your question, but
perhaps may be useful for you.
* You can navigate to a resource in Zenoss where you want to manage
permissions, and then access the Zope security management for that
resource by appending "/manage_access" to the URL -- WARNING! do
not make changes unless you have read about and understand Zope
security! (see link below)
* You can add more roles by navigating to
/zport/acl_users/roleManager/manage_roles and clicking the "Add a role"
link. Note, however, that any roles you add here will not show up in the
list of roles at /zport/dmd/ZenUsers/<username>
* You can assign users to roles by clicking the "?" under the
"Assignments" column at the location mentioned in the previous bullet.
Again, please be very careful if/when making changes like this. Be
sure you know what you are doing. The Zope 2.6 book has a section
on Zope security that you should read:
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx
We use a more modern, extensible acl_users folder than what was
available at the time of Zope 2.6, but the underlying principles
are the same (even though the UI for managing users and roles has
changed).
(Note that the 2.7 edition of the book hosted on plope.com is down
right now.)
Extended support for user management is one of the topics that
comes up frequently in conversation here, and we've laid a great
deal of ground work in order to support future enhancements (such
as LDAP and Active Directory support).
In the morning, Erik may have more to add as well as potentially
better approaches than what I have described above in the bullets.
d
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
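
A simplified model of the permission check behind the "/manage_access" grid discussed in the thread above, added here as an illustration; it is not Zope or Zenoss code and not part of the original messages. The class and function names, the user ids, the `WindowsViewer` role, the device-class names and the `Change Device` permission name are constructed for the example.

```python
# Simplified model of Zope 2 style permission checking (not Zope/Zenoss code).
class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.perm_roles = {}   # permission -> (acquire flag, set of roles)
        self.local_roles = {}  # user id -> roles granted at this node

    def chain(self):
        """Yield this object, then each container up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def roles_for_permission(obj, permission):
    """Roles holding `permission` on obj, honouring the Acquire checkbox."""
    roles = set()
    for node in obj.chain():
        acquire, here = node.perm_roles.get(permission, (True, set()))
        roles |= here
        if not acquire:        # Acquire unticked: ignore settings higher up
            break
    return roles

def roles_in_context(obj, user, global_roles):
    """Global roles plus local roles granted on obj or any container above."""
    roles = set(global_roles)
    for node in obj.chain():
        roles |= node.local_roles.get(user, set())
    return roles

def check_permission(obj, user, global_roles, permission):
    held = roles_in_context(obj, user, global_roles)
    return bool(held & roles_for_permission(obj, permission))

def build_sample_tree():
    # Constructed hierarchy; names below are placeholders, not Zenoss paths.
    root = Node("zport")
    root.perm_roles["View"] = (True, {"Manager", "ZenUser"})
    root.perm_roles["Change Device"] = (True, {"Manager"})
    linux = Node("Linux", root)
    windows = Node("Windows", root)
    # Stop acquiring View here: ZenUser no longer sees this subtree.
    windows.perm_roles["View"] = (False, {"Manager", "WindowsViewer"})
    windows.local_roles["pavel"] = {"WindowsViewer"}
    # Local role: pavel manages Linux only, without a global Manager role.
    linux.local_roles["pavel"] = {"Manager"}
    return root, linux, windows
```

Because both permission settings and local roles are inherited down the container chain, a change made at a high-level object applies to everything beneath it unless acquisition is switched off lower down.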