User without admin rights can disable systemwide Icinga2 options in the system-health menu?

Hi @all,

first time poster here. We are new to Icinga2 and currently migrating from Nagios.

During our tests we noticed that “normal” (non-admin) users can globally disable function like checks, notifications and so on, in this menu:

The user in our the example should only to be able to see and react to monitoring results, but definitely not change something as vital as those options.

We tried to change user rights for the monitoring module, but as soon as the general access for monitoring is enabled for our test user, those options show up.

Is this a normal/wanted behavior or is there any way to enable the monitoring module for our basic users, without these (unwanted) options in system-health?

Thanks.

Kind Regards
Peter
A few infos about our system:

  • Icinga Web 2 version: 1.8.2
  • Icinga 2 version used: 2.12.4-1
  • PHP version used: 7.4
  • Server OS: Ubuntu 20.04

There’s a permission for that: monitoring/​command/​feature/​instance

So unless the user doesn’t have it by means of a different role, this shouldn’t be the case.

thx for the tip, but even with this permission disabled, the options are still showing up in system->monitoring-health.

Our current permission setting:

There is only this role for that particular user and after we disable all of those permissions above (as a test), the user interface is basically empty.

So there shouldn’t bee another role involved, should it?

Forget about my previous post. The advice from nilmerg worked perfectly. I just didn’t notice that the options in system->monitoring-health are still displayed but can’t be changed by the test user anymore.

1 Like