Security Roles

A Security Roles is a set of permissions and can be assigned to an User. They regulate access to the Web User Interface and the ReST API to exchange monitoring and inventory information. In case of a distributed installation, the Minion or Remote Poller instances interact with OpenNMS HORIZON and require specific permissions which are defined in the Security Roles ROLE_MINION and ROLE_REMOTING.

The following Security Roles are available:

Table 1. Functions and existing system roles in OpenNMS HORIZON
Security Role Name Description


In case the opennms-webapp-remoting package is installed, any user can download the Java Webstart installation package for the remote poller from http://opennms.server:8980/opennms-remoting/webstart/app.jnlp.


Allows HTTP OPTIONS request to show allowed HTTP methods on a ReST resources and the login and logout page of the Web User Interface.


Permissions to create, read, update and delete in the Web User Interface and the ReST API.


Permissions to just update the asset records from nodes.


Allow users to just have access to the Dashboard.


Allows retrieving JMX metrics but does not allow executing MBeans of the OpenNMS HORIZON JVM, even if they just return simple values.


Minimal amount of permissions required for a Minion to operate.


Allow user to use OpenNMS COMPASS mobile application to acknowledge Alarms and Notifications via the ReST API.


Allow user to use the Provisioning System and configure SNMP in OpenNMS HORIZON to access management information from devices.


Limited to just read information in the Web User Interface and are no possibility to change Alarm states or Notifications.


Permissions to allow access from a Remote Poller instance to exchange monitoring information.


Allow users interact with the whole ReST API of OpenNMS HORIZON


Exchange information with the OpenNMS HORIZON Real-Time Console for availability calculations.


Default permissions of a new created user to interact with the Web User Interface which allow to escalate and acknowledge Alarms and Notifications.

How to manage Security Roles for Users:
  1. Login as a User with administrative permissions

  2. Choose Configure OpenNMS from the user specific main navigation which is named as your login user name

  3. Choose Configure Users, Groups and On-Call roles and select Configure Users

  4. Modify an existing User by clicking the modify icon next to the User

  5. Select the Role from Available Roles in the Security Roles section

  6. Use Add and Remove to assign or remove the Security Role from the User

  7. Click Finish to persist and apply the Changes

  8. Logout and Login to apply the new Security Role settings