<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>Hello All,<br><br>Think I am missing something obvious here. Running core 3.2 and an trying to add a user to the web console. I only want this user to have rights to the hosts that he is a contact for.<br><br>I have a host group called broadband which has no services associated with it . I am only using the host ping to the ip of the broadband interface to check if my remote broadbands are up & running. I have a contact set up for this hostgroup which gets an email if a broadband interface goes down. I wanted to give the contact access to the nagios web console for this host group only to be able to acknowledge alerts.<br><br>I added a new user via htpasswd and have use-authentication=1 in the cgi.cfg file. The user can log into the web console but sees all hosts and can run commands on other hosts outside of the broadband hostgroup <br><br>Looks like everything in the cgi.cfg file is ok, the contact is not listed anywhere under any of the authorized_for_XXXX access.<br><br>What did I miss ?? From what I read, <br><br> <i>Authenticated contacts<sup><a href="http://nagios.sourceforge.net/docs/3_0/cgiauth.html#definitions">*</a></sup></i> are granted the following permissions for each <b>host</b> for which they are contacts (but not for hosts for which they are not contacts)... If the contact broadband is not a contact for anything but the hostgroup store_broadband, why can he get into other hosts and put them in scheduled down time let alone see them?<BR><br><BR>Thanks,<BR>Steve<br><BR> <br> </div></body> </html>