Werk #15408: Re-structure permissions for agent registration

Component Setup, site management
Title Re-structure permissions for agent registration
Date Feb 23, 2023
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.2.0b1
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed

In werk 14079, we clarified the permissions required for registering agents. These permissions have been re-worked. To register agents, users now need one of the following permissions:

  • Register any existing host (newly introduced): This permission authorizes users to register agents for any existing host.
  • Register managed existing host (newly introduced): This permission authorizes users to register agents for all existing hosts they are a contact of.
  • Alternatively, users can also register agents for all hosts to which they have read and write access, as before.

This new permission structure allows for separating the registration of agents from the Checkmk administration, since the two new permissions mentioned above do not authorize users to do anything else other than agent registration. To further support this separation, we have introduced a new user role called Agent registration user, which only has these two new permissions.

Note that the Agent pairing permission mentioned in werk 14079 is now deprecated, however, it is still configurable in Checkmk. This is because the changes mentioned in this werk only affect agents with version 2.2 or higher. For the registration of 2.1 agents with 2.2 sites, the old permissions described in werk 14079 still apply (including Agent pairing).

To the list of all Werks