Documentation

This is the documentation page for an unsupported version of Zabbix.
Is this not what you were looking for? Switch to the current version or choose one from the drop-down menu.
1 Manual structure
2 What is Zabbix
3 Zabbix features
4 Zabbix overview
5 What's new in Zabbix 4.2.0
6 What's new in Zabbix 4.2.1
7 What's new in Zabbix 4.2.2
8 What's new in Zabbix 4.2.3
9 What's new in Zabbix 4.2.4
10 What's new in Zabbix 4.2.5
11 What's new in Zabbix 4.2.6
12 What's new in Zabbix 4.2.7
13 What's new in Zabbix 4.2.8
2. Definitions
1 Server
2 Agent
3 Proxy
1 Setup from sources
2 Setup from RHEL/CentOS packages
3 Setup from Debian/Ubuntu packages
5 Sender
6 Get
1 Getting Zabbix
Best practices for secure Zabbix setup
Building Zabbix agent on macOS
Building Zabbix agent on Windows
1 Red Hat Enterprise Linux/CentOS
2 Debian/Ubuntu/Raspbian
3 Windows agent installation from MSI
4 Mac OS agent installation from PKG
5 Installation from containers
1 Red Hat Enterprise Linux/CentOS
2 Debian/Ubuntu
Upgrade from sources
7 Known issues
8 Template changes
9 Upgrade notes for 4.2.0
10 Upgrade notes for 4.2.1
11 Upgrade notes for 4.2.2
12 Upgrade notes for 4.2.3
13 Upgrade notes for 4.2.4
14 Upgrade notes for 4.2.5
15 Upgrade notes for 4.2.6
16 Upgrade notes for 4.2.7
17 Upgrade notes for 4.2.8
18 Upgrade notes for 4.2.9
1 Login and configuring user
2 New host
3 New item
4 New trigger
5 Receiving problem notification
6 New template
6. Zabbix appliance
1 Configuring a host
2 Inventory
3 Mass update
1 Item key format
2 Custom intervals
Windows-specific item keys
1 Dynamic indexes
2 Special OIDs
3 MIB files
3 SNMP traps
4 IPMI checks
1 VMware monitoring item keys
6 Log file monitoring
7 Calculated items
8 Internal checks
9 SSH checks
10 Telnet checks
11 External checks
12 Aggregate checks
13 Trapper items
14 JMX monitoring
1 Recommended UnixODBC settings for MySQL
2 Recommended UnixODBC settings for PostgreSQL
3 Recommended UnixODBC settings for Oracle
4 Recommended UnixODBC settings for MSSQL
16 Dependent items
17 HTTP agent
18 Prometheus checks
3 History and trends
1 Extending Zabbix agents
5 Loadable modules
6 Windows performance counters
7 Mass update
8 Value mapping
9 Applications
10 Queue
11 Value cache
12 Check now
1 Configuring a trigger
2 Trigger expression
3 Trigger dependencies
4 Trigger severity
5 Customising trigger severities
6 Mass update
7 Predictive trigger functions
1 Trigger event generation
2 Other event sources
3 Manual closing of problems
Event tags
2 Global event correlation
1 Simple graphs
2 Custom graphs
3 Ad-hoc graphs
1 Configuring a network map
2 Host group elements
3 Link indicators
1 Screen elements
4 Slide shows
5 Host screens
1 Configuring a template
2 Linking/unlinking
3 Nesting
4 Mass update
1 Standardized templates for network devices
1 E-mail
2 SMS
3 Jabber
4 Ez Texting
5 Custom alertscripts
1 Conditions
1 Sending message
2 Remote commands
3 Additional operations
4 Using macros in messages
3 Recovery operations
4 Update operations
5 Escalations
3 Receiving notification on unsupported items
1 Macro functions
2 User macros
3 Low-level discovery macros
1 Configuring a user
2 Permissions
3 User groups
8. Service monitoring
1 Web monitoring items
2 Real life scenario
1 Virtual machine discovery key fields
11. Maintenance
12. Regular expressions
13. Problem acknowledgement
1 Host groups
2 Templates
3 Hosts
4 Network maps
5 Screens
1 Configuring a network discovery rule
2 Active agent auto-registration
1 Discovery of network interfaces
2 Discovery of CPUs and CPU cores
3 Discovery of SNMP OIDs
4 Discovery of JMX objects
5 Discovery using ODBC SQL queries
6 Discovery of Windows services
7 Discovery using Prometheus data
8 Discovery of host interfaces in Zabbix
Notes on low-level discovery
1 Proxies
1 Using certificates
2 Using pre-shared keys
1 Connection type or permission problems
2 Certificate problems
3 PSK problems
1 Dashboard widgets
2 Problems
3 Overview
4 Web
5 Latest data
6 Graphs
7 Screens
8 Maps
9 Discovery
10 Services
1 Overview
2 Hosts
1 System information
2 Availability report
3 Triggers top 100
4 Audit
5 Action log
6 Notifications
1 Host groups
2 Templates
1 Applications
2 Items
3 Triggers
4 Graphs
5 Discovery rules
6 Web scenarios
4 Maintenance
5 Actions
6 Event correlation
7 Discovery
8 Services
1 General
2 Proxies
3 Authentication
4 User groups
5 Users
6 Media types
7 Scripts
8 Queue
1 Global notifications
2 Sound in browsers
3 Global search
4 Frontend maintenance mode
5 Page parameters
6 Definitions
7 Creating your own theme
8 Debug mode
> Action object
action.create
action.delete
action.get
action.update
> Alert object
alert.get
apiinfo.version
> Application object
application.create
application.delete
application.get
application.massadd
application.update
configuration.export
configuration.import
> Correlation object
correlation.create
correlation.delete
correlation.get
correlation.update
> Dashboard object
dashboard.create
dashboard.delete
dashboard.get
dashboard.update
> Discovered host object
dhost.get
> Discovered service object
dservice.get
> Discovery check object
dcheck.get
> Discovery rule object
drule.create
drule.delete
drule.get
drule.update
> Event object
event.acknowledge
event.get
> Graph object
graph.create
graph.delete
graph.get
graph.update
> Graph item object
graphitem.get
> Graph prototype object
graphprototype.create
graphprototype.delete
graphprototype.get
graphprototype.update
> History object
history.get
> Host object
host.create
host.delete
host.get
host.massadd
host.massremove
host.massupdate
host.update
> Host group object
hostgroup.create
hostgroup.delete
hostgroup.get
hostgroup.massadd
hostgroup.massremove
hostgroup.massupdate
hostgroup.update
> Host interface object
hostinterface.create
hostinterface.delete
hostinterface.get
hostinterface.massadd
hostinterface.massremove
hostinterface.replacehostinterfaces
hostinterface.update
> Host prototype object
hostprototype.create
hostprototype.delete
hostprototype.get
hostprototype.update
> Icon map object
iconmap.create
iconmap.delete
iconmap.get
iconmap.update
> Image object
image.create
image.delete
image.get
image.update
> Item object
item.create
item.delete
item.get
item.update
> Item prototype object
itemprototype.create
itemprototype.delete
itemprototype.get
itemprototype.update
> LLD rule object
discoveryrule.copy
discoveryrule.create
discoveryrule.delete
discoveryrule.get
discoveryrule.update
> Maintenance object
maintenance.create
maintenance.delete
maintenance.get
maintenance.update
> Map object
map.create
map.delete
map.get
map.update
> Media type object
mediatype.create
mediatype.delete
mediatype.get
mediatype.update
> Problem object
problem.get
> Proxy object
proxy.create
proxy.delete
proxy.get
proxy.update
> Screen object
screen.create
screen.delete
screen.get
screen.update
> Screen item object
screenitem.create
screenitem.delete
screenitem.get
screenitem.update
screenitem.updatebyposition
> Script object
script.create
script.delete
script.execute
script.get
script.getscriptsbyhosts
script.update
> Service object
service.adddependencies
service.addtimes
service.create
service.delete
service.deletedependencies
service.deletetimes
service.get
service.getsla
service.update
task.create
> Template object
template.create
template.delete
template.get
template.massadd
template.massremove
template.massupdate
template.update
> Template screen object
templatescreen.copy
templatescreen.create
templatescreen.delete
templatescreen.get
templatescreen.update
> Template screen item object
templatescreenitem.get
> Trend object
trend.get
> Trigger object
trigger.adddependencies
trigger.create
trigger.delete
trigger.deletedependencies
trigger.get
trigger.update
> Trigger prototype object
triggerprototype.create
triggerprototype.delete
triggerprototype.get
triggerprototype.update
> User object
user.checkAuthentication
user.create
user.delete
user.get
user.login
user.logout
user.update
> User group object
usergroup.create
usergroup.delete
usergroup.get
usergroup.update
> User macro object
usermacro.create
usermacro.createglobal
usermacro.delete
usermacro.deleteglobal
usermacro.get
usermacro.update
usermacro.updateglobal
> Value map object
valuemap.create
valuemap.delete
valuemap.get
valuemap.update
> Web scenario object
httptest.create
httptest.delete
httptest.get
httptest.update
Appendix 1. Reference commentary
Appendix 2. Changes from 4.0 to 4.2
Zabbix API changes in 4.2
1 Frequently asked questions / Troubleshooting
1 Database creation
2 Zabbix agent on Microsoft Windows
3 Elasticsearch setup
4 Migration to TimescaleDB
5 Real-time export of events, values, trends
1 Zabbix server
2 Zabbix proxy
3 Zabbix agent (UNIX)
4 Zabbix agent (Windows)
5 Zabbix Java gateway
6 Special notes on "Include" parameter
1 Server-proxy data exchange protocol
2 Zabbix agent protocol
3 Zabbix sender protocol
4 Header
5 Real-time export protocol
1 Items supported by platform
2 vm.memory.size parameters
3 Passive and active agent checks
4 Trapper items
5 Minimum permission level for Windows agent items
6 Encoding of returned values
7 Large file support
8 Sensor
9 Notes on memtype parameter in proc.mem items
10 Notes on selecting processes in proc.mem and proc.num items
11 Implementation details of net.tcp.service and net.udp.service checks
12 Item value preprocessing details
13 Supported JSONPath functionality
14 Preprocessing by Javascript details
15 Unreachable/unavailable host settings
16 Remote monitoring of Zabbix stats
1 Supported trigger functions
1 Supported macros
2 User macros supported by location
8 Unit symbols
9 Setting time periods
10 Command execution
11 Recipes for monitoring
12 Performance tuning
13 Version compatibility
14 Database error handling
15 Zabbix sender dynamic link library for Windows
16 Issues with SELinux
17 Other issues
zabbix_agentd
zabbix_get
zabbix_proxy
zabbix_sender
zabbix_server

3 User groups

Overview

User groups allow to group users both for organizational purposes and for assigning permissions to data. Permissions to monitoring data of host groups are assigned to user groups, not individual users.

It may often make sense to separate what information is available for one group of users and what - for another. This can be accomplished by grouping users and then assigning varied permissions to host groups.

A user can belong to any amount of groups.

Configuration

To configure a user group:

  • Go to Administration → User groups
  • Click on Create user group (or on the group name to edit an existing group)
  • Edit group attributes in the form

The User group tab contains general group attributes:

All mandatory input fields are marked with a red asterisk.

Parameter Description
Group name Unique group name.
Users To add users to the group click Select button.
Frontend access How the users of the group are authenticated.
System default - use default authentication method (set globally)
Internal - use Zabbix internal authentication (even if LDAP authentication is used globally).
Ignored if HTTP authentication is the global default.
LDAP - use LDAP authentication (even if internal authentication is used globally).
Ignored if HTTP authentication is the global default.
Disabled - access to Zabbix frontend is forbidden for this group
Enabled Status of user group and group members.
Checked - user group and users are enabled
Unchecked - user group and users are disabled
Debug mode Mark this checkbox to activate debug mode for the users.

The Permissions tab allows you to specify user group access to host group (and thereby host) data:

Current permissions to host groups are displayed in the Permissions block.

If current permissions of the host group are inherited by all nested host groups, that is indicated by the including subgroups text in the parenthesis after the host group name.

You may change the level of access to a host group:

  • Read-write - read-write access to a host group;
  • Read - read-only access to a host group;
  • Deny - access to a host group denied;
  • None - no permissions are set.

Use the selection field below to select host groups and the level of access to them (note that selecting None will remove host group from the list if the group is already in the list). If you wish to include nested host groups, mark the Include subgroups checkbox. This field is auto-complete so starting to type the name of a host group will offer a dropdown of matching groups. If you wish to see all host groups, click on Select.

Note that it is possible for Zabbix Super Admin users in host group configuration to enforce the same level of permissions to the nested host groups as the parent host group.

The Tag filter tab allows you to set tag based permissions for user groups to see problems filtered by tag name and its value:

To select a host group to apply a tag filter for, click Select to get the complete list of existing host groups or start to type the name of a host group to get a dropdown of matching groups. If you want to apply tag filters to nested host groups, mark the Include subgroups checkbox.

Tag filter allows to separate the access to host group from the possibility to see problems.

For example, if a database administrator needs to see only "MySQL" database problems, it is required to create a user group for database administrators first, than specify "Service" tag name and "MySQL" value.

user_group_tag_filter_2.png

If "Service" tag name is specified and value field is left blank, corresponding user group will see all problems for selected host group with tag name "Service". If both tag name and value fields are left blank but host group selected, corresponding user group will see all problems for selected host group. Make sure a tag name and tag value are correctly specified otherwise a corresponding user group will not see any problems.

Let's review an example when a user is a member of several user groups selected. Filtering in this case will use OR condition for tags.

User group A User group B Visible result for a user (member) of both groups
Tag filter
Host group Tag name Tag value Host group Tag name Tag value
Templates/Databases Service MySQL Templates/Databases Service Oracle Service: MySQL or Oracle problems visible
Templates/Databases blank blank Templates/Databases Service Oracle All problems visible
not selected blank blank Templates/Databases Service Oracle Service:Oracle problems visible

Adding a filter (for example, all tags in a certain host group "Templates/Databases") results in not being able to see the problems of other host groups.

Host access from several user groups

A user may belong to any number of user groups. These groups may have different access permissions to hosts.

Therefore, it is important to know what hosts an unprivileged user will be able to access as a result. For example, let us consider how access to host X (in Hostgroup 1) will be affected in various situations for a user who is in user groups A and B.

  • If Group A has only Read access to Hostgroup 1, but Group B Read-write access to Hostgroup 1, the user will get Read-write access to 'X'.

“Read-write” permissions have precedence over “Read” permissions starting with Zabbix 2.2.

  • In the same scenario as above, if 'X' is simultaneously also in Hostgroup 2 that is denied to Group A or B, access to 'X' will be unavailable, despite a Read-write access to Hostgroup 1.
  • If Group A has no permissions defined and Group B has a Read-write access to Hostgroup 1, the user will get Read-write access to 'X'.
  • If Group A has Deny access to Hostgroup 1 and Group B has a Read-write access to Hostgroup 1, the user will get access to 'X' denied.

Other details

  • An Admin level user with Read-write access to a host will not be able to link/unlink templates, if he has no access to the Templates group. With Read access to Templates group he will be able to link/unlink templates to the host, however, will not see any templates in the template list and will not be able to operate with templates in other places.
  • An Admin level user with Read access to a host will not see the host in the configuration section host list; however, the host triggers will be accessible in IT service configuration.
  • Any non-Zabbix Super Admin user (including 'guest') can see network maps as long as the map is empty or has only images. When hosts, host groups or triggers are added to the map, permissions are respected. The same applies to screens and slideshows as well. The users, regardless of permissions, will see any objects that are not directly or indirectly linked to hosts.
  • Zabbix server will not send notifications to users defined as action operation recipients if access to the concerned host is explicitly "denied".
© 2001-2024 by Zabbix SIA. All rights reserved.
Except where otherwise noted, Zabbix Documentation is licensed under the following license
Trademark Policy