I need to restrict access to several thousands sensors in the diferent places of device tree for particular group.
Article Comments
Now where's that "Make Moderator" button again... :) Great work, thanks!
PRTG Scheduler |
PRTGapi |
Feature Requests |
WMI Issues |
SNMP Issues
Kind regards,
Stephan Linke, Tech Support Team
Nov, 2018 - Permalink
Ok, I can set the access-rights. But only once. When I want to add rights for another user as well, then the rights for the first user are lost. Does that mean that when I update rights, I should set ALL rights <> -1 ? And I have a hard time finding why it's needed to add 'accessgroup=0'. What does it do?
Nov, 2020 - Permalink
Hi gjhiddink,
You are correct - it appears sections like Access Rights require all of properties defined under them to be re-specified whenever you modify a setting. The PRTG UI always resubmits all settings whenever you save the page, however things would not be so simple for a third party library like PrtgAPI, hence why sections like this are currently unsupported.
You can still achieve this however by implementing your own solution that utilizes Get-ObjectProperty and Set-ObjectProperty to respecify all of the access rights properties whenever you apply a new one.
The following demonstrates how you could do this
function Set-PrtgUserAccess
{
[CmdletBinding()]
param (
[Parameter(ValueFromPipeline=$true)]
$Device,
[Parameter(Position=0)]
$UserId,
[Parameter(Position=1)]
$Access
)
Process {
$properties = @(($Device | Get-ObjectProperty -Raw).PSObject.Properties|where name -like "accessrights_*")
$candidateName = "accessrights_$UserId"
if(!($properties|where Name -eq $candidateName))
{
throw "$UserId is not a valid UserId for this object. Valid values are $($properties.name -replace 'accessrights_','' -join ', ')"
}
$parameters = @{
accessrights_=1
accessgroup=0
}
foreach($property in $properties)
{
if($property.Name -eq $candidateName)
{
$parameters.$candidateName = $Access
}
else
{
$parameters.$($property.Name) = $property.Value
}
}
$Device | Set-ObjectProperty -RawParameters $parameters -Force
}
}
# Modify the access rights Get-Device exch* | Set-PrtgUserAccess 301 100 Get-Device exch* | Set-PrtgUserAccess 302 100 # Confirm they were both changed correctly Get-Device exch* | Get-ObjectProperty -Raw | select accessrights_*
In regards to the accessgroup=0 parameter, this corresponds to the "Inherit Access Rights" button found on the Settings page. Specifying a value of 0 indicates that you want inheritance of this section to be disabled, so that you can specify your own values.
Regards,
lordmilko
Nov, 2020 - Permalink
Hi Vitaliy,
This can be done fairly easily with PrtgAPI using PowerShell
While modifying access rights are not currently supported by PrtgAPI's type system, we can still modify the necessary properties for this by constructing a set of raw parameters
The following example shows how to grant Full access permissions to the user with ID 201 on all devices whose name starts with "exch"
Get-Device exch* | Set-ObjectProperty -RawParameters @{ accessrights_=1 accessrights_201=400 accessgroup=0 } -ForceFor ease of use, you can wrap this up in a simple cmdlet wherein you specify the devices, user ID and access level required for the user.
The following access levels can be specified
function Set-PrtgUserAccess { [CmdletBinding()] param ( [Parameter(ValueFromPipeline=$true)] $Device, [Parameter(Position=0)] $UserId, [Parameter(Position=1)] $Access ) Process { $Device | Set-ObjectProperty -RawParameters @{ accessrights_=1 "accessrights_$UserId"=$Access accessgroup=0 } -Force } }For more information on retrieving devices, please see the wiki
Regards,
lordmilko
Nov, 2018 - Permalink