Icingaweb 2 Long Authentication Roles

Hello everybody,

we have a fairly large monitoring platform based on Icinga2, Icingaweb 2 and Director.

Now an authorization structure is to be implemented so that not everyone can see everything …

If I now have to filter all hosts and services under Configuration / Authentication / Rules / monitoring/filter/objects, the restrictions per user will be approx. 4 A4 pages long.

Is there another way or a plugin to create a filter for users via contacts or contact groups?

Here is an example of a short filter :slight_smile:

(host_name = test123.test.de & (service_description = * check_test *))|(host_name = test1234.test.de & (service_description = app-json * | service_description = app-java2_ * | service_description = app-php_ * | service_description = app -xml_ * | service_description = app-xml-test_ * | service_description = app-html_ *))|(host_name = test12345.test.de & (service_description = * check_test *))|(host_name = test123456.test.de & (service_description = app-json * | service_description = app-java2_ * | service_description = app-php_ * | service_description = app -xml_ * | service_description = app-xml-test_ * | service_description = app-html_ *))

This example is with wildcards (*), but due to the different services it can actually be used almost nowhere.

It is not possible to create host groups or service groups for filtering

The easiest way would be using rules such as “assign where host.vars.contactgroup = administration” or “assign where service.vars.contact = admin”

Thanks for your tips

Custom variables are your friend:

_host_contactgroup=administration|_service_contact=admin

if that should work, i give out a box of free beer !!!

Thanks for that Tipp :slight_smile: :slight_smile: :slight_smile:

1 Like

:grin:

1 Like

Thats something i told you before :wink:

Prove! Otherwise go away beer thief :face_with_symbols_over_mouth: