XCP-ng

    How to create a user with read only access to all objects in xoa for monitoring purposes

      johnhabs

      Hi
      I am working on setting up monitoring of xoa using the zabbix template at https://github.com/bufanda/zabbix--template-xenorchestra
      The monitoring uses a token to access xoa and retrieve the information about xoa, pools, hosts and storage. It works quite well if the token comes from an admin user, but I would like to gather this information using a token from a user that is only able to view information and is not able to modify anything in xoa. I thought that I could do this by creating a user account with user permissions and then giving them the Viewer role for all objects, but what I see when the check runs using this user's token is:

      xoa.check
      {}
      {
        "code": 2,
        "data": {
          "permission": "admin",
          "object": {}
        },
        "message": "not enough permissions",
        "name": "XoError",
        "stack": "XoError: not enough permissions
          at Module.unauthorized (/usr/local/lib/node_modules/xo-server/node_modules/xo-common/src/api-errors.js:21:32)
          at Xo.call (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:145:18)
          at Api.#callApiMethod (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:387:29)
          at runNextTicks (node:internal/process/task_queues:60:5)
          at processImmediate (node:internal/timers:454:9)
          at process.callbackTrampoline (node:internal/async_hooks:130:17)"
      

      I did try applying ACLs to an admin user that set the role for all objects to viewer, but that user account appears to maintain full access to xoa.

      Just wondering how to get a user to be able to have the xoa.check permission but not be able to modify objects in xoa.

      Thank you

        olivierlambert Vates 🪐 Co-Founder CEO

        Ping @julien-f

          haaanti

          Any advance? I am also setting up this same zabbix template.

            olivierlambert Vates 🪐 Co-Founder CEO

            Ping @lsouai-vates
