Werk #15408: Re-structure permissions for agent registration
|Component||Setup, site management|
|Title||Re-structure permissions for agent registration|
|Date||Feb 23, 2023|
|Checkmk Edition||Checkmk Raw (CRE)|
|Compatibility||Compatible - no manual interaction needed|
In werk 14079, we clarified the permissions required for registering agents. These permissions have been re-worked. To register agents, users now need one of the following permissions:
- Register any existing host (newly introduced): This permission authorizes users to register agents for any existing host.
- Register managed existing host (newly introduced): This permission authorizes users to register agents for all existing hosts they are a contact of.
- Alternatively, users can also register agents for all hosts to which they have read and write access, as before.
This new permission structure allows for separating the registration of agents from the Checkmk administration, since the two new permissions mentioned above do not authorize users to do anything else other than agent registration. To further support this separation, we have introduced a new user role called Agent registration user, which only has these two new permissions.
Note that the Agent pairing permission mentioned in werk 14079 is now deprecated, however, it is still configurable in Checkmk. This is because the changes mentioned in this werk only affect agents with version 2.2 or higher. For the registration of 2.1 agents with 2.2 sites, the old permissions described in werk 14079 still apply (including Agent pairing).