See www.zabbix.com for the official Zabbix site.

Docs/specs/ZBXNEXT-3073

From Zabbix.org
Jump to: navigation, search

Private screens

ZBXNEXT-3073

Status: Draft

Owner: Ivo

Summary

Zabbix will support public as well as private screens with ability to share them with other users and user groups.

Specification

The functionality will enable creation and management of screens for regular users without admin rights.

Configuration -> Screens will be removed. Instead, Monitoring -> Screens will be extended to support management of screens.

All screens will have ownership, a user who created this screen. Screen will be visible only to screen owner if it is private or to visible everyone if screen public. Access to a screen can be also shared with other users and user groups. Two sharing modes will be available for each share: read and read-write. Only user groups and their users of screen owner user groups will be available for sharing.

Screen name must be unique.

Screen permissions

A screen is visible to user only if the user has read permissions to all screens elements. Also he must be owner of the screen or be in the list of users or a member of user groups for sharing.

Read permission for screen element is needed if user wants to add this element to a screen.

Super admins, regular admins, screen owners and users with read-write permissions will be allowed to remove screen and modify all its properties. Note that not all sharing information may be visible to regular admins and screen owner.

If screen owner loses screen permissions (no rights to see a screen element), the screen will no longer be visible to the screen owner.

Disabled user status does not affect any screen related functionality.

Front-end changes

  • Removal of Configuration -> Screens;
  • Monitoring -> Screens will display last visited page (screen view or list of screens);
    • Click on screen name -> Screen view mode with ability to go quickly back to the list;
    • Two buttons will be available: "Create screen", "Import";
    • Mass operations at the bottom: "Export", "Delete";
    • Monitoring -> Screens will have a new column "Actions" with two links "Properties" (goes to edit screen properties and sharing mode) and "Constructor" (goes to screen element constructor). In screen edit mode all screen related information could be modified: name, columns, rows. This is split into two tabs: Screen and Sharing;
  • Using templated screens, the Configuration -> Templates menu is highlighted.

Screen edit

Two tabs with be introduced: Screen and Sharing.

  • Screen: edit screen attributes
 As first field should be added possibility to change screen owner (only for admins and superadmins), otherwise displayed screen owner in disabled multiselect field. In case user has no access to see owner, but is admin and has rights to screen, the owner name will no be displayed. Instead multiselect is empty and small text in red color is written under the input Inaccessible user. In other case, when user is a regular user and user is also inaccessible, the multiselect is not available, only text Inaccessible user is.
Select is regular pop-up. Since only one user can be selected, pop-up must not have checkboxes.
       .------------------------.
 Owner | User alias (full name) | Select
       '------------------------'
  • Sharing: Private (default)/Public, Share with [User groups/Users]. Users and groups are added via link Add which opens a pop-up with users or groups. The pop-up has checkboxes, since multiple users and groups can be selected.
 [Private | Public] radio button
 List of user group shares:
 [User group]   [Read/Read-write] Remove
 List of user shares:
 [User]   [Read/Read-write] Remove

List of users and user groups will be available in both Public and Private modes. It will not be possible to add Read shares in Public mode and user will get an error message: Screen "%1$s" is public and read-only sharing is disallowed.

Buttons

 .------------.  .-------.  .--------.  .--------.
 | Add/Update |  | Clone |  | Delete |  | Cancel |
 '------------'  '-------'  '--------'  '--------'

Cloning

Clone will copy all screen attributes except sharing data. Cloned screen will be private by default.

XML import/export

Export

  • Sharing data will not be exported.

Import

  • Import will now provide controls and rules for regular users.
  • New imported screens will be private.
  • The one who imports new screens, is the new owner.

API changes

screen

screen.get new options:

  • userids - (array) select screens with only given user IDs.
  • selectUsers - (query) select users that are shared with screen.
  • selectUserGroups - (query) select users groups that are shared with screen.

screen.create new fields:

  • userid - (integer/string) Screen owner user ID (optional).
  • private - (integer/string) Private or public (optional).
  • users - (array) Shared users (optional). Contains two properties: userid, permission.
  • userGroups - (array) Shared user groups (optional). Contains two properties: usrgrpid, permission.

Example:

{
    "name": "api.created",
    "width": 600,
    "height": 600,
    "userid": 3,
    "private": 1,
    "users": [
        {
            "userid": 4,
            "permission": 2
        }
    ],
    "userGroups": [
        {
            "usrgrpid": 11,
            "permission": 2
        }
    ]
}

screen.update new fields:

  • userid - (integer/string) Screen owner user ID (optional).
  • private - (integer/string) Private or public (optional).
  • users - (array) Shared users (optional). Contains two properties: userid, permission.
  • userGroups - (array) Shared user groups (optional). Contains two properties: usrgrpid, permission.

Example:

{
    "screenid": 1,
    "hsize": 1,
    "vsize": 1,
    "userid": 3,
    "private": 1,
    "users": [
        {
            "userid": 4,
            "permission": 3
        },
        {
            "userid": 5,
            "permission": 2
        }
    ],
    "userGroups": [
        {
            "usrgrpid": 11,
            "permission": 2
        },
        {
            "usrgrpid": 13,
            "permission": 3
        }
    ]
}

user

user.delete:

  • validation should check if user is owner of at least one screen. User cannot be deleted if he is a screen owner. Trying to delete such user, API will throw an error message: User "%1$s" is screen "%2$s" owner.

Translation strings

  • User "%1$s" is screen "%2$s" owner.
  • Only administrators can set screen owner.
  • Screen "%1$s" is public and read-only sharing is disallowed.
  • Incorrect user ID specified for screen "%1$s".
  • Incorrect user group ID specified for screen "%1$s".
  • Incorrect "private" value "%1$s" for screen "%2$s".
  • Incorrect "permission" value "%1$s" in users for screen "%2$s".
  • Incorrect "permission" value "%1$s" in user groups for screen "%2$s".
  • User sharing is missing parameters: %1$s for screen "%2$s".
  • User group sharing is missing parameters: %1$s for screen "%2$s".
  • Sharing option "%1$s" is missing a value for screen "%2$s".
  • Duplicate userid "%1$s" in users for screen "%2$s".
  • Duplicate usrgrpid "%1$s" in user groups for screen "%2$s".

Database changes

Table screens, new fields:

 FIELD       |userid        |t_id       |   |NOT NULL   |0   |3|users  |RESTRICT
 FIELD       |private       |t_integer  |’1’|NOT NULL   |0

New tables:

 TABLE|screen_user|screenuserid|ZBX_DATA
 FIELD       |screenuserid  |t_id       |   |NOT NULL   |0
 FIELD       |screenid      |t_id       |   |NOT NULL   |0    |1|screens
 FIELD       |userid        |t_id       |   |NOT NULL   |0    |2|users
 FIELD       |permission    |t_integer  |’2’|NOT NULL   |0        # 2 - read, 3 - read-write    
 UNIQUE      |1             |screenid,userid
 TABLE|screen_usrgrp|screenusrgrpid|ZBX_DATA
 FIELD       |screenusrgrpid|t_id       |   |NOT NULL   |0
 FIELD       |screenid      |t_id       |   |NOT NULL   |0    |1|screens
 FIELD       |usrgrpid      |t_id       |   |NOT NULL   |0    |2|usrgrp
 FIELD       |permission    |t_integer  |’2’|NOT NULL   |0        # 2 - read, 3 - read-write    
 UNIQUE      |1             |screenid,usrgrpid
  • Database patch to assign owner and private flag (set to '0') to all existing screens. All screens will be assigned to a super admin having smallest userid.
  • Default screen "Zabbix server" should belong to "Admin" user and it is public.
  • Templated screens are not affected and have no owner.

Also discussed

  • Highlighting of Configuration -> Templates in menu for templated screens.
  • To minimise the amount of work, for now there will be no tab "Constructor" - only a link to screen element constuctor.

Documentation

  • Zabbix Manual 3.0
  • Release notes
    • Also include information that now it is possible to add screen components having only read-only permissions to the components
  • Upgrade notes (Configuration -> Screens going away)
  • API documentation
  • Internal documentation

ChangeLog

  • N/A