Professional Documents
Culture Documents
How to do it…
Let's get started on creating these three groups in our Zabbix UI:
1. To do this, navigate to Administration | User groups, which will show you the
following page:
||||||||||||||||||||
||||||||||||||||||||
We will need to fill in the information, starting with Group name, which of course
will be Networking. There are no users for this group yet, so we'll skip that one.
Frontend access is the option to provide us with authentication; if you select
LDAP here, LDAP authentication will be used for authenticating. We will keep
it as System default.
Now, let's move on to the next page, named Permissions:
Tip
Zabbix has a lot of screens with two Add buttons. Always make sure to press
the smaller text one to add your options and the bigger one to complete your
adding of an item – in this case, a host group. Be prepared to press the wrong
button a few times before learning the way Zabbix has implemented this.
Technet24
||||||||||||||||||||
||||||||||||||||||||
Now we will have a new host group called Networking that is only allowed to read
and write to the Templates/Network devices host group:
Figure 1.28 – The Zabbix User groups Permissions configuration window with one host group
4. Then, to add Buying and Inventory, we'll do something differently. We'll repeat the
process we've just done except for the part with the permissions. We want Buying
and Inventory to be able to read our inventory data, but we don't want them to
actually change our host configuration. Add both Templates/Network devices and
Linux servers to the group, but with only Read permissions like this:
||||||||||||||||||||
||||||||||||||||||||
Figure 1.29 – The Zabbix User groups Permissions configuration window with two host groups
Congratulations! Finishing this means you've ended up with three different host groups
and we can continue on to create our first new users! Let's get to it.
Getting ready
To get started, we'll need the server and the newly created user groups from the last recipe.
So, let's start the configuration.
Technet24
||||||||||||||||||||
||||||||||||||||||||
Now we know there are three departments in the company called Cloud Hoster that are
going to use our Zabbix installation. We've created host groups for them but there are also
users in those departments that actually want to use our installation. Let's meet them:
How to do it…
Let's start creating the users. We will start with our Networking department:
||||||||||||||||||||
||||||||||||||||||||
This is where all the user creation magic is happening, as we will be managing all of
our users from this page. To create our first Networking department user named
s_network, click the Create user button on the top-right corner, bringing us to the
following screen:
Technet24
||||||||||||||||||||
||||||||||||||||||||
Last but not least, set a secure password in the Password fields; don't forget it
because we will be using it later. After this, move on to the Permissions tab as we
won't be configuring Media just yet:
||||||||||||||||||||
||||||||||||||||||||
Technet24
||||||||||||||||||||
||||||||||||||||||||
3. Now, for our last user, let's repeat our steps again, changing the alias and the group
in the User tab like this:
• s_network: A user with access to the Networking user group permissions and that
is Zabbix Super Admin.
• y_network: A user with access to the Networking user group permissions and that
is Zabbix Admin.
• r_infra: A user with access to the Infrastructure user group permissions and that is
Zabbix Super Admin.
• e_buy: A user with access to the Buying and Inventory user group permissions and
that is Zabbix User.
||||||||||||||||||||
||||||||||||||||||||
Getting ready
To get started with SAML authentication, we will need our configured Zabbix server from
the previous recipe. It's important that we have all the configured users from the previous
recipe. We will also need something to authenticate with SAML. We will be using Azure
Active Directory (AD) SAML.
Make sure to set up users in your (Azure) AD before continuing with this recipe. You
can use your existing AD users for authentication, so you can use this recipe with your
existing AD setup.
We will be using the s_network user as an example:
Technet24
||||||||||||||||||||