Applies To
Zenoss 4.x
Summary
The goal of this document is to provide permissions that enable such actions as this:
"Have a user that can see only some devices and can add new devices, but not to be a manager or zenmanager."
This is accomplished in the Zope Management Interface (ZMI for short) by the following steps:
- Create a new role
- Assign permissions for this role
- Assign a user to this role in a given context.
Here are the steps in more detail.
Procedure
1. Create a new role
In most cases these will be device classes.
- Go to the top most level you want this role to be available in the Zope. If you want this role to be global, navigate to http://yourzenossserver:8080/zport/manage.
If you want it to only apply to the /Server/Linux device class, then navigate to http://yourzenossserver:8080/zport/dmd/Devices/Server/Linux/manage. - Click on the Security tab.
- At the very bottom of the page there is a drop down called User defined roles. Type in the name of the role here.
- Click Add Role. This will now be available on this context and any child organizer of this context.
2. Assign Permissions for this role
On the security tab of this object there is a number of check boxes arranged in alphabetical order.
- Find the one you want (for example, "Manage Device")
- Check that box on the column of the role you just created.
- Click Save Changes at the bottom of the list.
3. Assign a user to this role in a given context.
- Navigate through the ZMI to the object you want the user to have that permission on.
- Click on the Security tab.
- In the text at the top of the page there is a sentence that reads You can also assign local roles to users. Click on the local roles link.
- Type in the name of the user you want to assign the custom role to.
.
- Click Add. The user will then have that permission in the given context.
4. Adding a global role
If you want to add a new global role you must do the same thing but add the new role at the zport/manage security page in the ZMI. Also you will need to be running the following in the zendmd if you want to assign a user to that role in the Edit User page:
>>>zport.acl_users.roleManager.addRole('MY_ROLE_NAME') >>>commit()
Comments