Security Roles

A Security Roles is a set of permissions and can be assigned to an User. They regulate access to the Web User Interface and the ReST API to exchange monitoring and inventory information. In case of a distributed installation, the Minion or Remote Poller instances interact with OpenNMS HORIZON and require specific permissions which are defined in the Security Roles ROLE_MINION and ROLE_REMOTING.

The following Security Roles are available:

Table 1. Functions and existing system roles in OpenNMS HORIZON
Security Role Name Description

anyone

In case the opennms-webapp-remoting package is installed, any user can download the Java Webstart installation package for the remote poller from http://opennms.server:8980/opennms-remoting/webstart/app.jnlp.

ROLE_ANONYMOUS

Allows HTTP OPTIONS request to show allowed HTTP methods on a ReST resources and the login and logout page of the Web User Interface.

ROLE_ADMIN

Permissions to create, read, update and delete in the Web User Interface and the ReST API.

ROLE_ASSET_EDITOR

Permissions to just update the asset records from nodes.

ROLE_DASHBOARD

Allow users to just have access to the Dashboard.

ROLE_JMX

Allows retrieving JMX metrics but does not allow executing MBeans of the OpenNMS HORIZON JVM, even if they just return simple values.

ROLE_MINION

Minimal amount of permissions required for a Minion to operate.

ROLE_MOBILE

Allow user to use OpenNMS COMPASS mobile application to acknowledge Alarms and Notifications via the ReST API.

ROLE_PROVISION

Allow user to use the Provisioning System and configure SNMP in OpenNMS HORIZON to access management information from devices.

ROLE_READONLY

Limited to just read information in the Web User Interface and are no possibility to change Alarm states or Notifications.

ROLE_REMOTING

Permissions to allow access from a Remote Poller instance to exchange monitoring information.

ROLE_REST

Allow users interact with the whole ReST API of OpenNMS HORIZON

ROLE_RTC

Exchange information with the OpenNMS HORIZON Real-Time Console for availability calculations.

ROLE_USER

Default permissions of a new created user to interact with the Web User Interface which allow to escalate and acknowledge Alarms and Notifications.

How to manage Security Roles for Users:
  1. Login as a User with administrative permissions

  2. Choose Configure OpenNMS from the user specific main navigation which is named as your login user name

  3. Choose Configure Users, Groups and On-Call roles and select Configure Users

  4. Modify an existing User by clicking the modify icon next to the User

  5. Select the Role from Available Roles in the Security Roles section

  6. Use Add and Remove to assign or remove the Security Role from the User

  7. Click Finish to persist and apply the Changes

  8. Logout and Login to apply the new Security Role settings