Manage users, contacts, and permissions
Overview
OP5 Monitor users are grouped into user groups, to which you can assign permissions for specific components and functions of OP5 Monitor.
A contact is a special type of user who exists mainly to receive notifications, although you can grant contacts specific access permissions for OP5 Monitor, if required. Contacts are grouped into contact groups, which are associated with a host or service to receive notifications for that host or service. Contact groups can also be nested in other contact groups.
User permissions and authentication
You manage user permissions in OP5 Monitor as follows:
- By assigning rights to a user group. For more information, see Update user permissions.
- Through the NagVis permissions function, for specific NagVis modules. Note that general rights to access and update NagVis are managed through group rights as for other functions. For more information, see NagVis permissions in Manage NagVis.
OP5 Monitor authentication is managed using authentication drivers. Each driver handles both the authentication of users and resolving group memberships for users. OP5 Monitor includes three authentication drivers — default, LDAP, and Apache.
OP5 Monitor is delivered with a default authentication module based on the default driver, which it uses to authenticate you when you first log in to OP5 Monitor. If you want to change the way users are authenticated when they log in, you can define additional authentication modules, based on one of the three authentication drivers, then associate them with local users you create in OP5 Monitor. For details of how to add or update authentication modules, see Add or update authentication modules.
Saving changes to the configuration database
When you configure changes in OP5 Monitor, you need to perform an additional save to the OP5 Monitor database. The only user-related configuration, the items you need to save to the configuration database are contacts and contact groups. For more information, see Saving configuration changes and viewing the changelog in Introduction to configuration.
Manage user groups
All user group operations are performed with the Group rights function, including adding and deleting user groups, renaming user groups, and assigning permissions to user groups.
You need to create user groups for all local users and any contacts which need to have access to OP5 Monitor.
Create or update a user group
To create or update a user group:
- Click Manage > Configure.
- In the Permissions section, click Group rights.
- If you are creating a new user group, type the name in a blank field on the left.
Note: To specify a user group that is an existing LDAP or Active Directory user group, ensure that the name matches the existing name.
- Update user permissions next to the user group, as required. For more information, see Update user permissions.
- Click Save.
Manage users
Before you create a new user, create the user group as described in Create or update a user group.
Create a user
To create a new user:
- Click Manage > Configure.
- In the Permissions section, click Local users.
- Specify the user details in the Create new user section, including name, password, authentication modules, and group membership. All of these fields are mandatory.
- Click Create new user.
Manage contact groups
Contact groups are standard OP5 Monitor configuration objects, so the following apply:
- You can use the standard configuration shortcuts to perform other operations on them. For more details, see Configuration shortcuts in Introduction to configuration.
- You need to save them to the configuration database. For more details, see Saving configuration changes and viewing the changelog in Introduction to configuration.
In the contact group configuration page, mandatory fields are designated by an asterisk (*).
Create or update a contact group
To create or update a contact group:
- Click Manage > Configure.
- In the Checks and notifications section, click Contact groups.
- If you are updating a contact group, in Contactgroup to edit, select the contact group from the drop-down list and click Go.
- Enter or update the contact group name details:
- contactgroup_name — ID of the contact object
- alias — name of the contact
- Select the contacts to add as members in members.
- Select the contact groups to add as members in contactgroup_members.
- Click Submit.
Manage contacts
Contacts are standard OP5 Monitor configuration objects, so the following apply:
- You can use the standard configuration shortcuts to perform other operations on them. For more details, see Configuration shortcuts in Introduction to configuration.
- You need to save them to the configuration database. For more details, see Saving configuration changes and viewing the changelog in Introduction to configuration.
Before you create a contact, check that you have created the following:
- The local user with which to associate the contact. For more details, see Create a user.
- The contact group. For more details, see Create or update a contact group.
- The contact template, if required. For more details, see Create or update a host, service, or contact template.
Create or update a contact
To create a new contact:
- Click Manage > Configure.
- In the Checks and notifications section, click Contacts.
- If you are updating the contact, in Contact to edit, search for the contact or select the contact from the drop-down list and click Go.
- Select the template.
- Enter or update the contact name details:
- contact_name — ID of the contact object
- alias — name of the contact
- Update the other contact fields, as required. For more details, see Contact options in Manage templates and time periods.
- If you want to grant the contact access to OP5 Monitor, check the Configure access rights for this contact checkbox and specify the login details.
- Click Submit.
Update user permissions
You assign user permissions by updating rights at user group level. You can assign a whole category of rights, or individual rights within a category.
List of group rights
Nagios Auth
Group right | Description |
---|---|
System information | Access to the system or process information. |
Configuration information | Access to view configuration. |
System commands | Access to issue system commands in the user interface. See also Host and Service. |
API
Group right | Description |
---|---|
API command | Access to the HTTP API commands interface, which allows users to issue external commands to Naemon. Commands that users are authorised to issue depend on their System Commands, Host Commands, and Service Commands settings. |
API config | Access to the HTTP API configuration interface, which allows users to update object configuration. Requires edit rights on the corresponding object type. |
API report | Access to the HTTP API report interface, which allows users to retrieve raw report data. |
API status | Access to the HTTP API status interface, which allows users to retrieve status information for monitoring objects. |
API perfdata | Access to the HTTP API perfdata interface, which allows user to retrieve the performance data of monitoring objects such as hosts and services. |
Host
Group right | Description |
---|---|
Host add delete | Permissions to add and delete hosts. |
Host view all | Permissions to view all hosts. |
Host view contact | Permissions to view hosts for which the user is a contact. |
Host edit all | Permissions to edit all existing hosts, including commands and possibly object configuration, depending on configuration information. |
Host edit contact | Permissions to edit hosts for which the user is a contact, including commands and possibly object configuration, depending on configuration information. |
Test this host | Permissions to test the host configuration. |
Host commands
Group right | Description |
---|---|
Host command acknowledge | Permissions to add and remove problem acknowledgements on hosts. |
Host command add comment | Permissions to add comments on hosts. |
Host command schedule downtime | Permissions to schedule host downtimes. |
Host command check execution | Permissions to start and stop running host checks and passive checks of hosts and their services. |
Host command event handler | Permissions to start and stop event handlers on hosts. |
Host command flap detection | Permissions to start and stop flap detection on hosts. |
Host command notifications | Permissions to start and stop notification sending from hosts and associated services. |
Host command passive check | Permissions to send passive check results to hosts. |
Host command schedule check | Permissions to send and reschedule checks on hosts and their services. |
Host command send notification | Permissions to send notifications for hosts. |
Host command obsess | Permissions to start and stop obsessing on hosts. |
Host template
Group right | Description |
---|---|
Host template add delete | Permissions to add and delete host templates. |
Host template view all | Permissions to view host templates. |
Host template edit all | Permissions to edit host templates. |
Service
Group right | Description |
---|---|
Service add delete | Permissions to add and delete services. |
Service view all | Permissions to view all services. |
Service view contact | Permissions to view services for which the user is a contact. |
Service edit all | Permissions to edit all existing services, including commands and possibly object configuration, depending on configuration information. |
Service edit contact | Permissions to edit services for which the user is a contact, including commands and possibly object configuration, depending on configuration information. |
Test this service | Permissions to test the service configuration. |
Service commands
Group right | Description |
---|---|
Service command acknowledge | Permissions to add and remove problem acknowledgements on services. |
Service command add comment | Permissions to add comments on services. |
Service command schedule downtime | Permissions to schedule service downtimes. |
Service command check execution | Permissions to run and stop running service checks and passive checks on services. |
Service command event handler | Permissions to start and stop event handlers on services. |
Service command flap detection | Permissions to start and stop flap detection on services. |
Service command notifications | Permissions to start and stop notification sending from services. |
Service command passive check | Permissions to send passive check results to services. |
Service command schedule check | Permissions to send and reschedule checks on services. |
Service command send notifications | Permissions to send notifications for services. |
Service command obsess | Permissions to start and stop obsessing on services. |
Service template
Group right | Description |
---|---|
Service template add delete | Permissions to add and delete service templates. |
Service template view all | Permissions to view service templates. |
Service template edit all | Permissions to edit service templates. |
Host group
Group right | Description |
---|---|
Host group add delete | Permissions to add and delete host groups. |
Host group view all | Permissions to view all host groups. |
Host group view contact | Permissions to view host groups if they are a contact for all underlying hosts. When using LMD, the GroupAuthorization setting in lmd.ini may affect this. |
Host group edit all | Permissions to edit all existing host groups, including commands and possibly object configuration, depending on configuration information. |
Host group edit contact | Permissions to edit host groups for which the user is a contact, including commands and possibly object configuration, depending on configuration information. |
Host group commands
Group right | Description |
---|---|
Host group command schedule downtime | Permissions to schedule downtimes for all hosts in a host group. |
Host group command check execution | Permissions to start and stop running checks and passive checks for all hosts in a host group. |
Host group command send notifications | Permissions to send notifications for all hosts in a host group. |
Service group
Group right | Description |
---|---|
Service group add delete | Permissions to add and delete service groups. |
Service group view all | Permissions to view all service groups. |
Service group view contact | Permissions to view service groups if they are a contact for all underlying hosts. When using LMD, the GroupAuthorization setting in lmd.ini may affect this. |
Service group edit all | Permissions to edit all existing service groups, including commands and possibly object configuration, depending on configuration information. |
Service group edit contact | Permissions to edit service groups for which the user is a contact, including commands and possibly object configuration, depending on configuration information. |
Service group commands
Group right | Description |
---|---|
Service group command schedule downtime | Permissions to schedule downtimes for all services in a service group. |
Service group command check execution | Permissions to start and stop running checks and passive checks for all services in a service group. |
Service group command send notifications | Permissions to send notifications for all services in a service group. |
Host dependency
Group right | Description |
---|---|
Host dependency add delete | Permissions to add and delete host dependencies. |
Host dependency view all | Permissions to view host dependencies. |
Host dependency edit all | Permissions to edit host dependencies. |
Service dependency
Group right | Description |
---|---|
Service dependency add delete | Permissions to add and delete service dependencies. |
Service dependency view all | Permissions to view service dependencies. |
Service dependency edit all | Permissions to edit service dependencies. |
Host escalation
Group right | Description |
---|---|
Host escalation add delete | Permissions to add and delete host escalations. |
Host escalation view all | Permissions to view host escalations. |
Host escalation edit all | Permissions to edit host escalations. |
Service escalation
Group right | Description |
---|---|
Service escalation add delete | Permissions to add and delete service escalations. |
Service escalation view all | Permissions to view service escalations. |
Service escalation edit all | Permissions to edit service escalations. |
Contact
Group right | Description |
---|---|
Contact add delete | Permissions to add and delete contacts. |
Contact view contact | Permissions to view contact associated with user. |
Contact view all | Permissions to view all contacts. |
Contact edit contact | Permissions to edit contact associated with user. |
Contact edit all | Permissions to edit all contacts. |
Contact template
Group right | Description |
---|---|
Contact template add delete | Permissions to add and delete contact templates. |
Contact template view all | Permissions to view all contact templates. |
Contact template edit all | Permissions to edit all contact templates. |
Contact group
Group right | Description |
---|---|
Contact group add delete | Permissions to add and delete contact groups. |
Contact group view contact | Permissions to view their own contact groups. |
Contact group view all | Permissions to view all contact groups. |
Contact group edit contact | Permissions to edit own contact groups. |
Contact group edit all | Permissions to edit all contact groups. |
Dashboard
Group right | Description |
---|---|
Dashboard share | Permissions to share dashboards with other users and groups. |
Time period
Group right | Description |
---|---|
Time period add delete | Permissions to add and delete time periods. |
Time period view all | Permissions to view time periods. |
Time period edit all | Permissions to edit time periods. |
Command
Group right | Description |
---|---|
Command add delete | Permissions to add and delete commands. |
Command view all | Permissions to view commands. |
Command edit all | Permissions to edit commands. |
Test this command | Permissions to test the command. |
Management pack
Group right | Description |
---|---|
Management pack add delete | Permissions to add and delete management packs. |
Management pack view all | Permissions to view management packs. |
Management pack edit all | Permissions to edit management packs. |
Configuration
Group right | Description |
---|---|
Export | Permissions to export own configuration changes. |
Configuration all | Permissions to export and import all configuration. |
DokuWiki
Note: Beginning 10 November 2020, DokuWiki is no longer supported.
Group right | Description |
---|---|
Wiki | Permissions to view, create, and update DokuWiki pages the user is authorised to see. |
Wiki Admin | Permissions to access the DokuWiki admin panel. |
NagVis
Group right | Description |
---|---|
NagVis add delete | Global permissions to add and delete all NagVis maps. |
NagVis view | Global permissions to view all NagVis maps. |
NagVis edit | Global permissions to edit all NagVis maps. |
NagVis admin | Full permissions for NagVis, including global configuration. |
Group rights required per OP5 Monitor function
The following table lists the rights you need to use for specific functions of OP5 Monitor.
Function | Rights |
---|---|
Save configuration | Configuration > Export |
Host Wizard |
Misc > FILE Api > Api Config Host > Host Add Delete Host Template > Host Template View All Hostgroup > Hostgroup View All Management Pack > Management Pack View All Configuration > Export
|
Share a dashboard | Dashboard > Dashboard Share |
Update OP5 Monitor user permissions
Update OP5 Monitor user permissions as follows:
- Click Manage > Configure.
- In the Permissions section, click Group rights.
- Expand the category of rights, or click the Expand all button to view all rights at once.
- Check the required rights next to the user group. If only some of the rights in a category are selected, the checkbox is displayed with a minus sign instead of a tick.
Tip: Hover your cursor over each group right for a detailed description of its purpose.
Add or update authentication modules
The procedure below gives a brief overview of how to add and update authentication modules in OP5 Monitor. For a more detailed explanation of authentication drivers and advanced configuration options, see Manage authentication.
Add or update an authentication module
To add or update an authentication module:
- Click Manage > Configure.
- In the Permissions section, click Authentication modules.
- Click Add new module or the tab of the module you want to update.
- If you are adding a new module, enter the Module Name and select the Driver Type from the drop-down list.
- Enter the other details for the module.
- In the common tab, change Default Auth to your new module.
- If required by your driver (such as Apache), check Enable Auto Login.
- Click Save.