Professor
Professor10 minutes ago, Mike Moniz said:Please stop having the wizard add snmp and esxi and other properties to the root group when using the Add Device Wizard or respect RBAC permissions for users running the wizard.
We try to use SNMP v3 when possible with all our customers and that doesn't uses the snmp.community property. But if someone uses the wizard for a completely different customer for v2c, it sets snmp.community on root and via inheritance to all other customer's devices and it breaks them. We or our customers then get a bunch of false No Data alerts as LM switch over to using v2c, even with v3 creds provided or our attempts to force v3 with snmp.version. ESXi creds on root can also cause a problem because we sometimes use a domain account for vcenter access, so it looks like "customer/username" and then we end up leaking customer names and usernames to any customer who can look at any info page.
Thanks!
This is a specific case of the more general "RBAC and groups are not sufficient to support an MSP model", which I have been trying to get fixed for years. There needs to be structural support for multiple clients, not bolted on as is currently done.
I never use the wizard, didn't realize it did this was how it worked :).
