I have completed a new Icinga2 installation including Director. In our old monitoring environment with Icinga1 we only gave certain user groups in Icingaweb2 access to the hosts of certain host groups. In the new environment this should be the same again, so I gave the user group the following restriction on the “monitoring” module in Icingaweb2: “monitoring/filter/objects: hostgroup_name=grp-network”. So far everything is great. Now I thought that with the Director it would be possible for this usergroup to create hosts in the group “grp-network”. So I gave the user group in Icingaweb2 the permissions “director/hosts”, “director/deploy” etc. on the module “director” and also set the restriction “director/filter/hostgroups: grp-network” because the users should not be able to mess around with other configurations in the director. However, if a user in the group wants to create a new host (using a defined template which creates hosts in the “grp-network” group) they get the following error:
Unable to store a host with the given properties because of insufficient permissions (IcingaHostForm.php:363)
The error also occurs when I give users full access to the Director for testing purposes. Only when I remove the host group filter for the Director it works, but then of course they have the option to view and edit other configurations in the Director as well, which is not intended. Long story short: Is my plan generally possible? Thanks!
OS: CentOS 8