Container permissions

First of all, you need to get used to our "Container" based permissions. All objects like Users, Hosts, Contacts, Templates, etc. are bound to a container.

/root container

The "/root" container is a bit special. All objects assigned to this container, are globally visible for all users! This container is designed to assign common used objects to it like the "Ping" service template or the time period "24x7".

If you assign a host to the "/root" container, it is not possible to change the container assignment later anymore!

Users that are assigned to "/root" container, will automatically become a global administrator with full privileges to all objects.

Global admins are marked with the yellow crown:

Container tree

Containers will work like a tree. The container "/root" will be always the top of the tree. The next layer in the tree could be a "Tenant". Tenants could be departments of your company or even different companies using the same openITCOCKPIT. Inside of a Tenant, you can create "Nodes". This will help to implement your companies structure into the monitoring environment.

So a basic tree will look like /root/Tenant/Node/.

To make it more visible, we create a Tenant called "Demo Tenant" at Container management Containers

The container tree will now looks like /root/Demo Tenant

In the next step, we create "Nodes" inside of the "Demo Tenant" at Container management Tenants.

In this example, we create an own node for the "Data center team", and for the "Developers". So every team can create their hosts inside of their own container. The container tree will now look like:

/root/Demo Tenant/Team Data Center
/root/Demo Tenant/Team Developers

You can assign users to different layers in the container tree.

If you assign a user to the container /root the user will become a global admin and see all objects of all tenants.

If you assign a user to /root/Demo Tenant the user will see all objects, inside of the Tenant including all sub containers.

If you assign a user to /root/Demo Tenant/Team Developers the user will see all objects, inside of the container "Team Developers" including all sub containers.

In addition, it is also possible to set read and write permissions to every container, for every user. Navigate to User management Manage Users and create a new user. You can now select all containers, where the user should be part of, and grant read only or read and write permissions for each container.

As you can see, Container based permissions can get complex, but they provide you the possibility to grant permissions very granular.