Icinga2 custom roles (restrict role based access on specific host objects)


is it possible to create a user role that permits or restricts access to a specific host object or a host object group?

I would be happy if that or a similar feature exists. :slight_smile:

Hi @lobr,

could you explain what exactly do you mean / want to archive?

Restrictions on Icinga2 - to do lookups via Icinga2-CLI (e.g. icinga2 object list)?
=> Mhmm … not really …
=> Edit / Add: Well you could see your usermanagement on your host / os as sort of it … sice you need shell access and rights to perform this kind of commands :wink:

Restictions in Icinga2 by using API?
=> Yes there are: https://icinga.com/docs/icinga-2/latest/doc/12-icinga2-api/#icinga2-api-permissions

Restrictions in your IcingaWeb2 GUI?
=> Yes there are: https://icinga.com/docs/icinga-web-2/latest/doc/06-Security/#roles