Managing NagVis permissions in WATO

Using Multisite and WATO in 1.1.13 makes it possible to manage users, roles and permissions for Multisite and Nagios including managing Host to User relations.

NagVis uses it's own mechanism for controlling user permissions. There are general permissions and map specific permission which can be assigned to roles. Roles can be assigned to users to permit the user to do something.

For a seamless integration it is needed to hide the NagVis user/permission management and make the NagVis permissions controllable by WATO.

The wato auth module generates a file called auth.multisite which informs NagVis about the permissions of the single users. NagVis reads the file and uses the provided information when configured to use the autorisation module CoreAuthorizationModMultisite.

It writes out a file which directly defines the permissions of the single users without telling NagVis anything about roles or similar. The permissions for each user are written out as list of permissions per user.

The file is updated whenever a user or a role change is saved in WATO.

This feature is disabled by default.

The generation of the NagVis auth file must be enabled by setting the option wato_write_nagvis_auth to True in multisite.mk. This module only works in OMD environments at the moment.

To use the auth.multisite file you need to configure NagVis to use CoreAuthorizationModMultisite as authorisation module by putting the following options in the NagVis main configuration file. In an OMD site it might be the following path relative to the sites home directory:

 [global]
 authorisationmodule="CoreAuthorisationModMultisite"

This feature is available since NagVis release 1.6.1.