I've been playing around with the very helpful ZenPack – ZenPacks.skills1st.UserRoles which adds the ability to have a user role – Zen_Operator that allows the user to manage events but not access the rest of the config of zenoss.
This allows the creation of a zenoss user that can operate day-to-day monitoring activities and deal with events without having to give them the ability to mess with device setting configuration settings / organiser locations etc.. i.e. prevent them from junking the setup by mistake. This is very very useful.
(Its slightly surprising this sort of role doesn't come out of the box as standard rather than the read only vs everything options that do)
However, I'd like to also be able to give this Zen_Operator user the ability to change device production status aswell as acknowledge events, but still be unable to change the rest of the settings.
Is this possible by adding further permissions to the zen_operator role?
I've spotted the ZEN_CHANGE_DEVICE_PRODSTATE permission but can't seem to apply it to the role in such a way that allows production state change.
Any pointers on how to do this much appreciated.
This seemingly makes sure that this actions menu is disabled unless the user has the 'Change Device' permission.I updated this to be:
Ext.getCmp('actions-menu').setDisabled(Zenoss.Security.doesNotHavePermission('Change Device Production State'));