Werk #8021: hostgroups servicegroups: fixed host / service visible when using group_authorization AUTH_STRICT
Komponente | Livestatus |
Titel | hostgroups servicegroups: fixed host / service visible when using group_authorization AUTH_STRICT |
Datum | 10.07.2014 |
Checkmk Edition | Checkmk Enterprise (CEE) |
Checkmk-Version | 1.2.5i5 |
Level | Kleine Änderung |
Klasse | Bugfix |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
This only applies with the setting group_authorization = AUTH_STRICT.
When an auth user was given the livestatus tables hostgroups and servicegroups did not check if the auth user had permissions to all objects of the group. As a result the user was able to view host- and servicegroups, even if he was not a contact for every object in it. However, the "forbidden" object itself was not returned, just a subset of the group. This was incorrect. The user needs to be contact of every element in this group. Otherwise he should not see the group at all..