Configuration ACL with Centreon 2.5

This post is also available in: French

We presented  a useful methodology for understanding and  manipulating ACLs among the Best practices.
Today, discover in exclusivity the ACL with the next version of Centreon 2.5.

Some of you may have been wondering why there is no ACL rule when it comes to configuring your monitoring objects. The reason we’ve been telling was that it was just too complicated to apply a generic ACL behavior that could simply satisfy everybody. As a result, a user who is granted access to the configuration pages will be able to configure everything regardless of the ACL rules.

The ACL system on monitoring consoles works just fine

We realized that people were quite happy with how the ACL already works on the monitoring consoles. The idea behind the ACL rules is easy to grasp : you grant access on a set of resources (Resource access) to a group of users (Access group). You can stack as many Resource access rules as you want on an Access group and a user can be part of multiple Access groups. It is just that simple, right ? For more in-depth information regarding the ACL system, I suggest you take a look at the documentation

Let’s mix all that with our configuration pages

Then, we decided to apply the same logic to the configuration objects on Centreon 2.5 (not yet released as of now).

Let’s see what that looks like :

admin_1

This is our regular admin that can see and configure everything.

web admin_2

Our web admin on the other hand can see and configure web servers only.

admin_3

Our regular admin can see and configure all host groups.

web admin_4

The web admin can only see the host groups which contain authorized hosts.

web admin_5

When editing a host group, the web admin will only see a restricted list of hosts. Even though « Centreon-Server » is also part of « Linux-Servers », it is not displayed here and the relationship will remain upon saving.

web admin_6

As a user under ACL restriction, a host group must contain at least one host in order to be created.

That’s it for today, I hope you are all as excited as us about this new feature !
There are still many cool features that haven’t been revealed yet, so stay tuned !

Leave a Reply