This post is also available in: French
We presented a useful methodology for understanding and manipulating ACLs among the Best practices.
Today, discover in exclusivity the ACL with the next version of Centreon 2.5.
Some of you may have been wondering why there is no ACL rule when it comes to configuring your monitoring objects. The reason we’ve been telling was that it was just too complicated to apply a generic ACL behavior that could simply satisfy everybody. As a result, a user who is granted access to the configuration pages will be able to configure everything regardless of the ACL rules.
The ACL system on monitoring consoles works just fine
We realized that people were quite happy with how the ACL already works on the monitoring consoles. The idea behind the ACL rules is easy to grasp : you grant access on a set of resources (Resource access) to a group of users (Access group). You can stack as many Resource access rules as you want on an Access group and a user can be part of multiple Access groups. It is just that simple, right ? For more in-depth information regarding the ACL system, I suggest you take a look at the documentation
Let’s mix all that with our configuration pages
Then, we decided to apply the same logic to the configuration objects on Centreon 2.5 (not yet released as of now).
Let’s see what that looks like :
This is our regular admin that can see and configure everything.
Our web admin on the other hand can see and configure web servers only.
Our regular admin can see and configure all host groups.
The web admin can only see the host groups which contain authorized hosts.
When editing a host group, the web admin will only see a restricted list of hosts. Even though « Centreon-Server » is also part of « Linux-Servers », it is not displayed here and the relationship will remain upon saving.
As a user under ACL restriction, a host group must contain at least one host in order to be created.
That’s it for today, I hope you are all as excited as us about this new feature !
There are still many cool features that haven’t been revealed yet, so stay tuned !