Follow

How To Use the ZenOperator Role to Restrict Access in Zenoss 4.x

Applies To

  • Zenoss 4.1.1 - 4.2.3

Summary

You can use Zenoss user roles to provide or restrict rights to devices and classes. This document discusses two scenarios:

  • Provide a user with ZenOperator privileges for all devices and classes in a Zenoss instance
  • Restrict a user's privileges to ZenUser except for a subset of devices or classes that require elevated ZenOperator priveleges

Scenario 1:
ZenOperator Privileges - All Devices/Classes

ZenOperator privileges are desired for a particular administrator for all devices and classes in a Zenoss instance.

Procedure

  1. Navigate to AdvancedSettings →Users
  2. Click the user name whose role must be changed.
    The USER SETTINGS pane displays.
  3. Within the USER SETTINGS pane, locate the Roles field
  4. Select (highlight) the ZenUser role
  5. Hold the CTRL key (Windows) or Command key (Mac) and select the ZenOperator role.
    This selects (highlights) both the ZenUser and ZenOperator roles.
  6. In the field titled Enter current password to confirm changes, type in the password for the currently logged on user
  7. Click Save Settings.

The user you selected now has the ZenOperator role for all devices in the instance.

Scenario 2:
ZenOperator Privileges - Subset of Devices/Classes Only

The Zenuser role is desired for a particular administrator for all devices in a Zenoss instance with the exception of a subset of devices (for example, an individual device, a device class, a group of devices, etc.) for which ZenOperator permissions are desired.

Procedure

  1. Navigate to AdvancedSettings →Users
  2. Click the user name whose role must be changed.
    The USER SETTINGS pane displays.
  3. Within the USER SETTINGS pane, locate the Roles field
  4. In the Roles field, select the ZenUser role and verify that no other roles are highlighted.
  5. In the field titled Enter current password to confirm changes, type in the password for the currently logged on user
  6. Click Save Settings.
  7. In the left-hand pane, click Administered Objects
  8. Click the Action Wheel icon and choose the Device, Device Class, or other device organizer to which you want to grant the user ZenOperator privileges.
  9. Select the ZenOperator role from the drop down menu that displays to the right under role for the newly selected device or device organizer.

The user now has ZenUser role for all devices in the instance, with the exception of the device(s) selected in the above steps.

IMPORTANT NOTE: The user cannot conduct write operations to events in the main event console within Resource Manager (this is the console that displays when the Events link at the top of the interface is selected). As a workaround, the administrator can select the specific device or organizer for which they have ZenOperator permissions and select its individual event console.

Example 1:

Acknowledging or closing events for a device class.

  1. Click on the Infrastructure page.
  2. Click on the device class name in the left-hand pane.
  3. Click the Details toggle at the top of the device class list (left pane).
  4. Click on the Events link on the left to display the event console for the class.

Example 2:

Acknowledging or closing events for a device organizer.

  1. Click on the Infrastructure page.
  2. Click the device organizer name from the list in the left pane.
  3. Click the Details toggle at the top of the device class list (left pane).
  4. Click the Events link in the left pane to display the event console for the class.

Example 3:

Acknowledging or closing events for an individual device.

  1. Click on the Infrastructure page.
  2. Click the device in the Device list (right pane).
  3. Click the Events link in the left pane to display the event console for the device.
Was this article helpful?
0 out of 0 found this helpful

Comments

Powered by Zendesk