Permissions in icingadb module: How to filter or hide users / usergroups

Hi all :slight_smile: ,

I’m trying to create a new Icingaweb2 role with this restriction in the icingadb module:
“This role is not allowed to see the lists of Users and Usergroups in the Overview”.
(For privacy reasons.)

I tried a similar thing for hosts and services, which works quite well with a filter expression like this:
icingadb/​filter/​objects :!=* or!=*
( or both with!=*&!=* )

However, a pattern akin to!=* doesn’t work as expected.
(The users and usergroups still show up.)

Am I using the wrong filter pattern?
Or is there maybe a more elegant solution for my usecase that I’m not aware of?

Your help’s greatly appreciated. :v:

  • Barney

  • Icinga DB Web version (System - About): 1.0.2
  • Icinga Web 2 version (System - About): 2.11.3
  • Web browser: Firefox ESR 102.6.0
  • Icinga 2 version (icinga2 --version): 2.13.6
  • Icinga DB version (icingadb --version): 1.1.0
  • PHP version used (php --version): 7.4.33
  • Server operating system and version: Debian 11

You should take a look at denylists. icingadb/denylist/routes in particular.

1 Like

Thanks Johannes! A classic case of RTFM on my part. :wink:

For anybody with a similar issue, here’s what I ended up with:
Set this restriction in the icingadb module:

icingadb/denylist/routes : users, usergroups

Those navigation items will now be hidden and inaccessible for this role.
contacts, contactgroups (as stated in the docs) won’t work.