Web2 Authenitcation ignoring user Role

Icinga Web
1

Hey

Have an issue with authentication/roles on Web2 - basically, my user getting assigned admin permissions and his role seems to be ignored.

I’ve got AD enabled Web2 interface (users & groups coming from AD) when testing as user t2dnowak (who is member of group ACL_MGMT_IC2_ACCESS) I’m getting assigned admin permissions (can do/view everything in Web2) where should be limited (as per role Standard Users)

My roles file:

Roles%20file
Roles file.PNG1872×215 10.9 KB

Roles from GUI

roles%20GUI
roles GUI.PNG877×539 8.62 KB

Confirmation that user t2dnowak (from AD is a member of group)

t2dnowak%20membership
t2dnowak membership.png1720×648 19.9 KB

What user dnowak can view:

dnowak%20access
dnowak access.PNG193×535 7.53 KB

Am I correct that this user should not have an access to things like Configuration etc? Why it’s getting an Admin ?

Some technical details:

  • OS RHEL 7
  • Icingaweb2 2.7.1 / httpd 2.4.6 / PHP 5.4.16
  • Icinga2 v2.10.5
2

Hi,

logout and login again did not change anything?

Besides a note on PHP - 5.4 is too old, I would believe you’re running on SCL packages already. You are using the icingaweb2 rpm package from packages.icinga.com right?

Cheers,
Michael

3

Hi Michael,

Logout did not make any difference. Same ex. removing/adding user to group or trying on any other AD based user.

Yes it’s running on official packages from packages.icinga.com

Apologies for misslead on PHP - it took system version, Icingaweb2 running on SCL PHP 7.1

Thanks
Dariusz