Allow roles to filter for the currently logged in user

[chas0rde]

In nagios it was possible to limit the hosts/services visible to a logged in user based on contact information. e.g. if userA was logged into the webfrontend he would only see hosts and services with her/him assigned as a contact.
This allows users to see only systems they are actually responsible for instead of having to somehow filter away issues of system out of their responsibility.

It would be nice to have something similar in icingaweb2.

Context

e.g. we assign hosts AND services custom variables via icinga director, that respresent

• responsible <-- single string value
• deputy <-- single string value
• additional informational users <-- array of string values

These vars are then pulled (among other vars) by notfication assign-where's to map the required notifications thus allowing easy deployment.

It would be great to have a functionality that allows e.g. filtering like
host.vars.responsible=="$currentUser$" || host.vars.deputy=="$currentUser$"||"$currentUser$" in host.vars.addition_users

Your Environment

• Icinga Web 2 version and modules (System - About): 2.5.3
• Version used (icinga2 --version): r2.8.4-1
• Operating System and version: ubuntu 16 LTS
• Enabled features (icinga2 feature list):
  Disabled features: compatlog elasticsearch gelf icingastatus influxdb livestatus opentsdb perfdata statusdata syslog
  Enabled features: api checker command debuglog graphite ido-mysql mainlog notification
• Config validation (icinga2 daemon -C):
• If you run multiple Icinga 2 instances, the zones.conf file (or icinga2 object list --type Endpoint and icinga2 object list --type Zone) from all affected nodes.

[chas0rde]

initial discussion can be found at https://monitoring-portal.org/t/limit-visible-hosts-and-services-to-assigned-contacts/2842

[lippserd]

Hi,

Thanks for the report. We consider this for our next feature release. But I don't have an exact schedule yet though.

Best,
Eric