Documentation

This is the documentation page for an unsupported version of Zabbix.
Is this not what you were looking for? Switch to the current version or choose one from the drop-down menu.
1 Manual structure
2 What is Zabbix
3 Zabbix features
4 Zabbix overview
5 What's new in Zabbix 3.2.0
6 What's new in Zabbix 3.2.1
7 What's new in Zabbix 3.2.2
8 What's new in Zabbix 3.2.3
9 What's new in Zabbix 3.2.4
10 What's new in Zabbix 3.2.5
11 What's new in Zabbix 3.2.6
12 What's new in Zabbix 3.2.7
13 What's new in Zabbix 3.2.8
14 What's new in Zabbix 3.2.9
15 What's new in Zabbix 3.2.10
16 What's new in Zabbix 3.2.11
2 Server
2. Definitions
3 Agent
4 Proxy
5 Java gateway
6 Sender
7 Get
1 Getting Zabbix
Best practices for secure Zabbix setup
3 Installation from sources
1 Repository installation
2 Server installation with MySQL database
3 Server installation with PostgreSQL database
4 Agent installation
5 Proxy installation
5 Installation from containers
6 Upgrade procedure using sources
1 Red Hat Enterprise Linux/CentOS
2 Debian/Ubuntu
8 Known issues
9 Template changes
10 Upgrade notes for 3.2.0
11 Upgrade notes for 3.2.1
12 Upgrade notes for 3.2.2
13 Upgrade notes for 3.2.3
14 Upgrade notes for 3.2.4
15 Upgrade notes for 3.2.5
16 Upgrade notes for 3.2.6
17 Upgrade notes for 3.2.7
18 Upgrade notes for 3.2.8
19 Upgrade notes for 3.2.9
20 Upgrade notes for 3.2.10
21 Upgrade notes for 3.2.11
1 Login and configuring user
2 New host
3 New item
4 New trigger
5 Receiving problem notification
6 New template
5. Zabbix appliance
1 Configuring a host
2 Inventory
3 Mass update
1 Item key
2 Custom intervals
Windows-specific item keys
1 Dynamic indexes
2 Special OIDs
3 SNMP traps
4 IPMI checks
1 VMware monitoring item keys
6 Log file monitoring
7 Calculated items
8 Internal checks
9 SSH checks
10 Telnet checks
11 External checks
12 Aggregate checks
13 Trapper items
14 JMX monitoring
15 ODBC monitoring
3 History and trends
1 Extending Zabbix agents
5 Loadable modules
6 Windows performance counters
7 Mass update
8 Value mapping
9 Applications
10 Queue
11 Value cache
1 Configuring a trigger
2 Trigger expression
3 Trigger dependencies
4 Trigger severity
5 Customising trigger severities
6 Unit symbols
7 Mass update
8 Predictive trigger functions
9 Event tags
1 Event sources
2 Manual closing of problems
1 Trigger-based event correlation
2 Global event correlation
1 Simple graphs
2 Custom graphs
3 Ad-hoc graphs
1 Configuring a network map
2 Host group elements
3 Link indicators
1 Screen elements
4 Slide shows
1 Configuring a template
2 Linking/unlinking
3 Nesting
1 E-mail
2 SMS
3 Jabber
4 Ez Texting
5 Custom alertscripts
1 Conditions
1 Sending message
2 Remote commands
3 Additional operations
4 Using macros in messages
3 Recovery operations
4 Escalations
3 Receiving notification on unsupported items
1 Macro functions
2 User macros
3 Low-level discovery macros
1 Configuring a user
2 Permissions
3 User groups
7. IT services
1 Web monitoring items
2 Real life scenario
Virtual machine discovery key fields
10. Maintenance
11. Regular expressions
12. Event acknowledgment
Groups
Hosts
Configuring a network discovery rule
2 Active agent auto-registration
Notes on low-level discovery
1 Proxies
1 Using certificates
2 Using pre-shared keys
1 Connection type or permission problems
2 Certificate problems
3 PSK problems
1 Dashboard
2 Problems
3 Overview
4 Web
5 Latest data
6 Triggers
7 Graphs
8 Screens
9 Maps
10 Discovery
11 IT services
1 Overview
2 Hosts
1 Status of Zabbix
2 Availability report
3 Triggers top 100
4 Audit
5 Action log
6 Notifications
1 Host groups
2 Templates
1 Applications
2 Items
3 Triggers
4 Graphs
5 Discovery rules
6 Web scenarios
4 Maintenance
5 Actions
6 Event correlation
7 Discovery
8 IT services
1 General
2 Proxies
3 Authentication
4 User groups
5 Users
6 Media types
7 Scripts
8 Queue
1 Global notifications
2 Sound in browsers
3 Global search
4 Frontend maintenance mode
5 Page parameters
6 Definitions
7 Creating your own theme
8 Debug mode
> Action object
action.create
action.delete
action.get
action.update
> Alert object
alert.get
apiinfo.version
> Application object
application.create
application.delete
application.get
application.massadd
application.update
configuration.export
configuration.import
> Correlation object
correlation.create
correlation.delete
correlation.get
correlation.update
> Discovered host object
dhost.get
> Discovered service object
dservice.get
> Discovery check object
dcheck.get
> Discovery rule object
drule.create
drule.delete
drule.get
drule.isreadable
drule.iswritable
drule.update
> Event object
event.acknowledge
event.get
> Graph object
graph.create
graph.delete
graph.get
graph.update
> Graph item object
graphitem.get
> Graph prototype object
graphprototype.create
graphprototype.delete
graphprototype.get
graphprototype.update
> History object
history.get
> Host object
host.create
host.delete
host.get
host.isreadable
host.iswritable
host.massadd
host.massremove
host.massupdate
host.update
> Host group object
hostgroup.create
hostgroup.delete
hostgroup.get
hostgroup.isreadable
hostgroup.iswritable
hostgroup.massadd
hostgroup.massremove
hostgroup.massupdate
hostgroup.update
> Host interface object
hostinterface.create
hostinterface.delete
hostinterface.get
hostinterface.massadd
hostinterface.massremove
hostinterface.replacehostinterfaces
hostinterface.update
> Host prototype object
hostprototype.create
hostprototype.delete
hostprototype.get
hostprototype.isreadable
hostprototype.iswritable
hostprototype.update
> Icon map object
iconmap.create
iconmap.delete
iconmap.get
iconmap.isreadable
iconmap.iswritable
iconmap.update
> Image object
image.create
image.delete
image.get
image.update
> Item object
item.create
item.delete
item.get
item.isreadable
item.iswritable
item.update
> Item prototype object
itemprototype.create
itemprototype.delete
itemprototype.get
itemprototype.isreadable
itemprototype.iswritable
itemprototype.update
> IT Service object
service.adddependencies
service.addtimes
service.create
service.delete
service.deletedependencies
service.deletetimes
service.get
service.getsla
service.isreadable
service.iswritable
service.update
> LLD rule object
discoveryrule.copy
discoveryrule.create
discoveryrule.delete
discoveryrule.get
discoveryrule.isreadable
discoveryrule.iswritable
discoveryrule.update
> Maintenance object
maintenance.create
maintenance.delete
maintenance.get
maintenance.update
> Map object
map.create
map.delete
map.get
map.isreadable
map.iswritable
map.update
> Media object
usermedia.get
> Media type object
mediatype.create
mediatype.delete
mediatype.get
mediatype.update
> Problem object
problem.get
> Proxy object
proxy.create
proxy.delete
proxy.get
proxy.isreadable
proxy.iswritable
proxy.update
> Screen object
screen.create
screen.delete
screen.get
screen.update
> Screen item object
screenitem.create
screenitem.delete
screenitem.get
screenitem.isreadable
screenitem.iswritable
screenitem.update
screenitem.updatebyposition
> Script object
script.create
script.delete
script.execute
script.get
script.getscriptsbyhosts
script.update
> Template object
template.create
template.delete
template.get
template.isreadable
template.iswritable
template.massadd
template.massremove
template.massupdate
template.update
> Template screen object
templatescreen.copy
templatescreen.create
templatescreen.delete
templatescreen.get
templatescreen.isreadable
templatescreen.iswritable
templatescreen.update
> Template screen item object
templatescreenitem.get
> Trend object
trend.get
> Trigger object
trigger.adddependencies
trigger.create
trigger.delete
trigger.deletedependencies
trigger.get
trigger.isreadable
trigger.iswritable
trigger.update
> Trigger prototype object
triggerprototype.create
triggerprototype.delete
triggerprototype.get
triggerprototype.update
> User object
user.addmedia
user.create
user.delete
user.deletemedia
user.get
user.isreadable
user.iswritable
user.login
user.logout
user.update
user.updatemedia
user.updateprofile
> User group object
usergroup.create
usergroup.delete
usergroup.get
usergroup.isreadable
usergroup.iswritable
usergroup.massadd
usergroup.massupdate
usergroup.update
> User macro object
usermacro.create
usermacro.createglobal
usermacro.delete
usermacro.deleteglobal
usermacro.get
usermacro.update
usermacro.updateglobal
> Value map object
valuemap.create
valuemap.delete
valuemap.get
valuemap.update
> Web scenario object
httptest.create
httptest.delete
httptest.get
httptest.isreadable
httptest.iswritable
httptest.update
Appendix 1. Reference commentary
Appendix 2. Changes from 3.0 to 3.2
Zabbix API changes in 3.2
1 Frequently asked questions / Troubleshooting
1 Database creation scripts
2 Zabbix agent on Microsoft Windows
1 Zabbix server
2 Zabbix proxy
3 Zabbix agent (UNIX)
4 Zabbix agent (Windows)
5 Zabbix Java gateway
6 Special notes on "Include" parameter
Server-proxy data exchange protocol
1 Items supported by platform
2 vm.memory.size parameters
3 Passive and active agent checks
4 Encoding of returned values
5 Large file support
6 Unreachable/unavailable host settings
7 Sensor
8 Notes on memtype parameter in proc.mem items
9 Notes on selecting processes in proc.mem and proc.num items
10 Implementation details of net.tcp.service and net.udp.service checks
1 Supported trigger functions
1 Supported macros
8 Setting time periods
9 Command execution
10 Recipes for monitoring
11 Performance tuning
12 Version compatibility
13 Database error handling
14 Zabbix sender dynamic link library for Windows
zabbix_agentd
zabbix_get
zabbix_proxy
zabbix_sender
zabbix_server

3 User groups

Overview

User groups allow to group users both for organizational purposes and for assigning permissions to data. Permissions to monitoring data of host groups are assigned to user groups, not individual users.

It may often make sense to separate what information is available for one group of users and what - for another. This can be accomplished by grouping users and then assigning varied permissions to host groups.

A user can belong to any amount of groups.

Configuration

To configure a user group:

  • Go to Administration → User groups
  • Click on Create user group (or on the group name to edit an existing group)
  • Edit group attributes in the form

The User group tab contains general group attributes:

Parameter Description
Group name Unique group name.
Users The In group block contains a listing of the members of this group.
To add users to the group select them in the Other groups block and click on <<.
Frontend access How the users of the group are authenticated.
System default - use default authentication
Internal - use Zabbix authentication. Ignored if HTTP authentication is set
Disabled - access to Zabbix GUI is forbidden
Enabled Status of user group and group members.
Checked - user group and users are enabled
Unchecked - user group and users are disabled
Debug mode Mark this checkbox to activate debug mode for the users.

The Permissions tab allows you to specify user group access to host group (and thereby host) data:

Current permissions to host groups are displayed in the Permissions block.

If current permissions of the host group are inherited by all nested host groups, that is indicated by the including subgroups text in the parenthesis after the host group name. (Note that in versions 3.2.0, 3.2.1 the same is expressed by a forward slash and asterisk '/*' after a host group name.)

You may change the level of access to a host group:

  • Read-write - read-write access to a host group;
  • Read - read-only access to a host group;
  • Deny - access to a host group denied;
  • None - no permissions are set.

Use the selection field below to select host groups and the level of access to them (note that selecting None will remove host group from the list if the group is already in the list). If you wish to include nested host groups, mark the Include subgroups checkbox. This field is auto-complete so starting to type the name of a host group will offer a dropdown of matching groups. If you wish to see all host groups, click on Select.

Host access from several user groups

A user may belong to any number of user groups. These groups may have different access permissions to hosts.

Therefore, it is important to know what hosts an unprivileged user will be able to access as a result. For example, let us consider how access to host X (in Hostgroup 1) will be affected in various situations for a user who is in user groups A and B.

  • If Group A has only Read access to Hostgroup 1, but Group B Read-write access to Hostgroup 1, the user will get Read-write access to 'X'.

“Read-write” permissions have precedence over “Read” permissions starting with Zabbix 2.2.

  • In the same scenario as above, if 'X' is simultaneously also in Hostgroup 2 that is denied to Group A or B, access to 'X' will be unavailable, despite a Read-write access to Hostgroup 1.
  • If Group A has no permissions defined and Group B has a Read-write access to Hostgroup 1, the user will get Read-write access to 'X'.
  • If Group A has Deny access to Hostgroup 1 and Group B has a Read-write access to Hostgroup 1, the user will get access to 'X' denied.

Other details

  • An Admin level user with Read-write access to a host will not be able to link/unlink templates, if he has no access to the Templates group. With Read access to Templates group he will be able to link/unlink templates to the host, however, will not see any templates in the template list and will not be able to operate with templates in other places.
  • An Admin level user with Read access to a host will not see the host in the configuration section host list; however, the host triggers will be accessible in IT service configuration.
  • Any non-Zabbix Super Admin user (including 'guest') can see network maps as long as the map is empty or has only images. When hosts, host groups or triggers are added to the map, permissions are respected. The same applies to screens and slideshows as well. The users, regardless of permissions, will see any objects that are not directly or indirectly linked to hosts.
© 2001-2024 by Zabbix SIA. All rights reserved.
Except where otherwise noted, Zabbix Documentation is licensed under the following license
Trademark Policy