When for a device / sensor I un-tick the option 'Inherit Access Rights', and for some of my groups define explicit access rights, all the access right still said to Inherit don't work anymore.
For example, for one of our Customers I added a group in PRTG, and gave it Read rights on a specific device group.
Since it's a new PRTG group, on all underlying devices / sensors it shows in the access rights as Inherit.
However, when logging in with a newly created PRTG user (which is set to only be member of the newly created PRTG group), I don't see the devices / sensors.
For a test on some sensors I enabled the 'Inherit' completely again, and on some sensors I explicitly granted Read rights to the newly created PRTG group, I AM able to see these sensors.
So, it looks like partially inheriting access rights is not working.
Which in turn means I now have to go through thousands of devices / sensors to manually set the access rights for this new PRTG group to Read (I can't fully inherit, because different teams have visibility on different sensors on shared devices)...
Is this a known issue?
Article Comments
Hello there,
I've tested this in PRTG version 18.2.40.1646 (soon to be released, already released as preview) and couldn't reproduce the issue. What I've done was:
- Created a new group called "One of our Customers Group"
- Created a new read/write non-administrative user called "prtgUserCustomer1"
- Removed the "prtgUserCustomer1" from the default "PRTG Users Group"
- Set the primary group of the "prtgUserCustomer1" as "One of our Customers Group"
- At group level, below the Local Probe, configured a group as follows:
ACESS RIGHTS
| One of our Customers Group | Read |
| PRTG Users Group | Inherited(Write) |
- The "prtgUserCustomer1" was able to see (read-only) everything in the group.
- I've later added read/write access to a device within this group, the setting was also applied correctly.
- I've also created a new device (with a different account) in the relevant group, the appropriate credentials were also immediately inherited.
We also don't have any reports or open development tasks related to access rights or access control. I encourage you to double-check that you're not mixing up groups, that the users are members of the appropriate groups and that whenever you break the inheritance, new (correct) settings are applied.
Should you continue to encounter issues, you might want to contact us via E-mail (reference this KB-Post) and we can have a closer look.
Best Regards,
Luciano Lingnau [Paessler Support]
May, 2018 - Permalink
Hi Luciano,
Ah, the old 'multiple Usergroup membership' issue in PRTG...
When checking again the Usergroup membership, I noticed the user was also still member of the PRTG Users Group (I thought I already had removed the new user from this group, but apparently I didn't...)
Now it all seems working (tested it with both PRTG account / group and AD account / group).
Thx for pointing me into the right direction! :-D
May, 2018 - Permalink
Hello Corné,
thank you for your KB-Post/report.
I will attempt to reproduce the reported issue and will let you know how this works out. Stay tuned.
Best Regards,
Luciano Lingnau [Paessler Support]
May, 2018 - Permalink