Close
Log in to Zabbix Blog
Email
Password
Show password Hide password
Forgot password?
Incorrect e-mail and/or password
or
By creating an account or logging in with an existing account, you agree to our Terms of Service
Handy TipsTechnicalHow ToIntegrationsConferencesCommunityNewsSocialInterviewCase StudyLogin

Handy Tips #4: Control access to Zabbix functionality with user roles

Anonymous Anonymous
Anonymous Anonymous
Technical Writer at Zabbix
Handy Tips
September 23, 2021
With user roles, you can control user access to specific UI elements and actions, define API method allow and deny lists, and more. Before the introduction of user roles, the only way to restrict access to Zabbix features was to use the three hard-coded user types: Zabbix User, Zabbix Admin, and Zabbix Super Admin. This […]

With user roles, you can control user access to specific UI elements and actions, define API method allow and deny lists, and more.

Before the introduction of user roles, the only way to restrict access to Zabbix features was to use the three hard-coded user types: Zabbix User, Zabbix Admin, and Zabbix Super Admin. This approach is not flexible enough and sometimes requires granting users excessive permissions.

User roles, first introduced in Zabbix 5.2, added an additional layer of permission flexibility and access control, with which you can define:

  • Customer portal and read-only users
  • Super administrators with limited permissions
  • Fine-grained API access
  • Customizable access to menu sections and subsections
  • List of allowed/denied actions
  • Default access rules for new elements and modules

Check out the video below to get familiar with this new functionality:

Let’s create a new administrator level role:

  1. To manage user roles, you must have a Super administrator type role
  2. Navigate to Administration → User roles menu section and press <Create user role>
  3. Enter role Name and set User type
  4. By default, all features available for the selected user type are granted
  5. Create an Allow or Deny list for specific API methods
  6. Remove access to actions which should not be permitted
  7. Press <Add> to save the user role
  8. Now you can go ahead and assign it to user
Tips and best practices:
  • Zabbix user roles are based on the three pre-existing user types
  • You can’t access restricted menu section with a direct URL
  • You can’t perform restricted actions via  API methods
  • API method lists support wildcards. Host.* applies to all Host methods
  • If Default access to new actions is enabled and new action permissions are added to Zabbix,  users will automatically get access to such actions
  • Default Super admin role cannot be modified or deleted
  • Enabled modules, if present, will be automatically listed in the Access to modules sectio
Tags:
accesspermissionsuser roles
Anonymous Anonymous
Anonymous Anonymous
Technical Writer at Zabbix
Prev Post Prev Post Next Post Next Post
Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments

Related articles

How to Install Zabbix on Windows with a Linux Subsystem
How to Install Zabbix on Windows with a Linux Subsystem
Podman Container Monitoring with Prometheus Exporter, part 2
Podman Container Monitoring with Prometheus Exporter, part 2
Podman Container Monitoring with Prometheus Exporter, part 1
Podman Container Monitoring with Prometheus Exporter, part 1
Database Monitoring using Zabbix agent 2 – Part 1, SQL
Database Monitoring using Zabbix agent 2 – Part 1, SQL
Let Zabbix be your Lucky Lady for Lotto Numbers
Let Zabbix be your Lucky Lady for Lotto Numbers
0
Would love your thoughts, please comment.x
()
x