this problem is very urgent. Since this morning we have a strange behavior in Icingaweb2:
My AD login is in 2 AD groups: “IT_Admins” and “Another”, where IT_Admins are Administrators in Icingaweb2 and Another has a monitoring/object/filter.
Since this morning, after logging in, I still have my admin rights in all modules, but I don’t see all hosts anymore. Instead of this, I see only the hosts, which are filtered for the “Another” group.
The only change I have made yesterday, was changing a permission for a third role (which shouldn’t be the reason here). When I delete my User from the “Another” Group in AD, everything is working again. So it seems, that Icingaweb2 sets the filter for the first AD group, which is matched (as "Another is matched first,because it stars with “A” and then “IT_Admins”) but does not unset it for the administrators. But I don’t know, why this is happening right (or better JUST) now, as everything worked for months.
Here is a part of the roles.ini:
[Administrators] users = "icingaweb2" permissions = "*" groups = "Administrators, IT_Admin" [Another] groups = "Another" permissions = "module/grafana, grafana/showall, module/monitoring, monitoring/command/schedule-check, monitoring/command/acknowledge-problem, monitoring/command/remove-acknowledgement, monitoring/command/comment/add, monitoring/command/downtime/*, monitoring/command/send-custom-notification" monitoring/filter/objects = "_host_icingaweb=*\"Another\"*|_service_icingaweb=*\"Another\"*"