Roles and permissions
Roles represent specific permissions that you can assign to a group of users. Among other options, groups and roles allow you to use separate groups, with different roles for the same users, in different Collection Zone instances, if desired.
Roles are specific to each application in Zenoss Cloud, including Zenoss Cloud itself. For more information about assigning roles to groups, see Managing groups.
Collection Zone roles
Collection Zones support one set of roles that provides cumulative privileges and a customizable role:
- The ZenUser → ZenOperator → ZenManager set provides cumulative privileges for all Collection Zone UI features.
- The Delegate to Collection Zone role provides the privileges you define through administered objects.
For more information about roles in Collection Zones, see Managing users.
ZenUser → ZenOperator → ZenManager
| ZenUser | ZenOperator | ZenManager | |
|---|---|---|---|
| Read access for all Collection Zone objects |  |
|
|
| Read-write access for event management |  |
|
|
| Read-write access for all Collection Zone objects | |
|
|
Combine ZenOperator and ZenUser to grant read access, but also allow write privileges for acknowledging and closing events, moving events to history, setting production states, running commands, and adding log messages to events. Also, you can associate the ZenOperator role with an individual device, a device class, or a group of devices.
Zenoss Cloud roles
Zenoss Cloud includes two sets of roles that provide cumulative privileges:
- The Read Only User → User → Manager set provides cumulative privileges for most Zenoss Cloud UI features.
- The Key Creator → Key Administrator → Manager set provides cumulative privileges for authentication key creation and management.
Typically, all users get one of the roles from the first set, but only a few also get a role from the second set.
Read Only User → User → Manager roles
This set provides cumulative privileges for most Zenoss Cloud UI features.
| Read Only User | User | Manager | |
|---|---|---|---|
| Display public Zenoss Cloud dashboards | |
|
|
| Display Zenoss Cloud events consoles | |
|
|
| Display Smart View pages | |
|
|
| Display inventory view and create queries | |
|
|
| Create Zenoss Cloud dashboards | |
|
|
| Copy dashboard templates | |
|
|
| Edit individual metric dictionary entries | |
|
|
| Create events in the Events console | |
|
|
| Edit or delete any user's public dashboard | |
|
|
| Create and manage actions | |
|
|
| Manage user session security | |
|
|
| Create and delete user groups and user accounts | |
|
|
| Create and delete a customized login message | |
|
|
| Manage the metric dictionary | |
|
|
| Create and manage policies | |
|
|
| Create and manage credentials | |
|
|
Key Creator → Key Administrator → Manager roles
This set provides cumulative privileges for authentication key creation and management. For more information, see Enabling client access.
| Key Creator | Key Administrator | Manager | |
|---|---|---|---|
| Create API Clients for Collection Zone API clients | |
|
|
| Create and delete keys for your Collection Zone API clients | |
|
|
| Create and delete API Clients for Zenoss API clients | |
|
|
| Create and delete keys for Zenoss API clients | |
|
|
| Delete keys from any API Client | |
|
|