Icingadb/protect/variables wont work for me

I have several variables for the hosts, the value of which should not be displayed. Before ICINGADb, for example, passwords were displayed with ***.
I looked at the page Security - Icinga DB Web and no variation brought the success.
The variable is below “host.vars.ILO_PASSWORD”
If I enter this under “icingadb/denylist/variables” the rule takes effect and the variable disappears. Why doesn’t this work with “icingadb/protect/variables”?

  • Icinga DB Web version (System - About):
  • Icinga Web 2 version (System - About): 2.12.0
  • Web browser: Chrone / Edge / FireFox actual version
  • Icinga 2 version (icinga2 --version): r2.14.0-1
  • Icinga DB version (icingadb --version): v1.1.1
  • PHP version used (php --version): 7.4
  • Server operating system and version: Debian 10

did you sign out and sign in again to check the vars after changing “icingadb/protect/variables”?

Yes. I did also used another browser.

whats your version of icingadb-web.
the latest release is 1.1.0 and the deny works.

can you post a screenshot of the restriction entries and one a host/service this does not work with.

  • also recheck If your access role get appied correctly by maybe remove some module access
  • Is your role unrestricted
    • this also shows denied or hidden vars

First of all… I’m pretty sure that before 1.1.0 the rule worked. After updating to I also had a problem with other existing rules. I had also posted a ticket for this, where I was then informed that the RegExp had changed.
By coincidence, I noticed this with the “Protected Vars”.

The user I’m testing with only has access to one host group.
I have created a role “1_Remove_Variable_Rule” where I define the variables that should not be displayed. I enter these roles in every other role. That’s how it’s always worked.
Yes, we are using 1.1.0 and “icingadb/denylist/variables” also works.
Here are the screenshots

“Role of the user where the role “1_Remove_Variable_Rule” is entered in “Inheritance from””

It is also wokring on my test machine…
how did you install icingadb-web? source or package?

are your libs uptodate?
icinga/icinga-php-thirdparty: 0.12.0
icinga/icinga-php-library: 0.13.0

icingadb-web is installed by package:

deny and hidden work on my setup.

if I make the user unrestricted of course this rule does not apply

Hi everyone, sorry for jumping in, but it’s a known bug and will be fixed with the next Icinga DB Web release.

Thank you. That’s it… So i will wait for the fix… For now i will use the “icingadb/denylist/variables”

Good morning… With the new version of icingadb-web (v1.1.1) everything works like before! Thank you