Zenoss Core 5 user role question

7 posts / 0 new
Last post
Lvirden's picture
Last seen: 3 weeks 3 days ago
Joined: 01/11/2016 - 10:29
Posts: 112
Zenoss Core 5 user role question

So, in Zenoss Core Administrator documentation, page 153, there is a table that lists available roles. It lists ZenUser, ZenManager, Manager, and ZenOperator.  4 roles - 2 of which have permissions to do way more than one would want the average user to perform.


The average user would be using ZenUser as a read-only access to the system.

What we want to do is assign some of our operations staff to ZenOperator.


The problem is that when I log in, using a login with the Manager and ZenManager roles, I only see 3 roles.

Since the Core Admin guide, release 5.1.1 lists ZenOperator, I expected to see that role. Is this something I have to create myself?

When I use the search widget at the top of zenoss.org, it doesn't return any information on ZenOperator.  When I search the guide, it lists ZenOperator 3 or 4 times in the context that leads us to believe that's what we want to set up for giving our operators a look at Zenoss.

We would appreciate tips.

Thank you

We are using this version of Zenoss.

Zenoss Zenoss 5.1.1
OS Linux (x86_64) 3.10.0 (Linux d42316e1f0b5 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64)
Zope Zope 2.13.13
Python Python 2.7.5
Database MySQL 5.5.44 (5.5.44-MariaDB)
Twisted Twisted 13.2.0
RabbitMQ RabbitMQ 3.3.5
Erlang Erlang 5.10.4
NetSnmp NetSnmp 5.7.2
PyNetSnmp PyNetSnmp 0.40.0
Control Center

ControlCenter 1.1.1


Lvirden's picture
Last seen: 3 weeks 3 days ago
Joined: 01/11/2016 - 10:29
Posts: 112
Still trying to figure out how to do this

So, with the sound of deafening crickets in my ears, we continue to experient with the unknown by the unknowing in hopes of finding some sort of solutions.

We found an excellent Core 4.x article by Ms. Curry talking about creating user roles. We have no idea what all the permission descriptions mean, but we tried to create a new role. And in fact it appears to be there.

When we try to use it though, Zenoss is unhappy. We try to give the role to a user, and Zenoss says:


Type: <type 'exceptions.KeyError'>
Value: 'OCC'


Traceback (most recent call last):
  File "/opt/zenoss/lib/python2.7/site-packages/ZPublisher/Publish.py", line 126, in publish
    request, bind=1)
  File "/opt/zenoss/lib/python2.7/site-packages/ZPublisher/mapply.py", line 77, in mapply
    if debug is not None: return debug(object,args,context)
  File "/opt/zenoss/lib/python2.7/site-packages/ZPublisher/Publish.py", line 46, in call_object
    result=apply(object,args) # Type s<cr> to step into published object.
  File "/opt/zenoss/Products/ZenModel/UserSettings.py", line 861, in manage_editUserSettings
    roleManager.assignRoleToPrincipal(role, self.id)
  File "<string>", line 8, in assignRoleToPrincipal
  File "/opt/zenoss/lib/python2.7/site-packages/AccessControl/requestmethod.py", line 70, in _curried
    return callable(*args, **kw)
  File "/opt/zenoss/lib/python2.7/site-packages/Products/PluggableAuthService/plugins/ZODBRoleManager.py", line 305, in assignRoleToPrincipal
    role_info = self._roles[ role_id ] # raise KeyError if unknown!
KeyError: 'OCC'

We have tried to do the assignment as "admin", as well as ourselves (which have manager, zenmanager, etc.) privs and to no avail.

While many of our readers may be participating in the festivities at Austin, perhaps between fun times, someone will think of a useful suggestion for resolving this frustrating issue.


Thank you so much, and Zen party on!


Lvirden's picture
Last seen: 3 weeks 3 days ago
Joined: 01/11/2016 - 10:29
Posts: 112
A little bit more information


So the previous post listed the python stack trace. I looked at the last bit and looked up the code. The code starts out:


security.declareProtected( ManageUsers, 'assignRoleToPrincipal' )

def assignRoleToPrincipal( self, role_id, principal_id, REQUEST=None ):

""" Assign a role to a principal (user or group).

o Return a boolean indicating whether a new assignment was created.

o Raise KeyError if 'role_id' is unknown.


role_info = self._roles[ role_id ] # raise KeyError if unknown!


The previous post shows the mention of the KeyError OCC .  I am not a python expert, but I would think that the error we are seeing is saying that the "role_id" passed was "OCC" and that value is unknown.


But the above screen shot shows that the OCC role is listed in the selection widget.


So is there a step between creating a new user role in Zope and using it in Zenoss so that it more than just shows up to be selected, but it actually exists?


Thank you

Kpapenbrock's picture
Last seen: 3 weeks 3 days ago
Joined: 04/27/2016 - 09:11
Posts: 10
Unable to get ZenOperator role established still

Hello out there, Is there anyone in Core trying to set up and new Role as we've mentioned above.  Still not able to get this working.



Ssorato's picture
Last seen: 10 months 5 days ago
Joined: 06/27/2016 - 09:48
Posts: 1
I have added a new role like

I have added a new role like ZenOperator by following this page


The tip was the final commands in zendmd

.. my 2 cents

Lvirden's picture
Last seen: 3 weeks 3 days ago
Joined: 01/11/2016 - 10:29
Posts: 112
Thank you

I had found that page, but didn't originally understand the zendmd message. I looked around but didn't find an easy explanation. Somewhere along the line, I stumbled over bits that I put together to create a snapshot, connect to zendmd, run the appropriate python, commit the snapshot, and finally restart zenoss.

At that point things worked.

Being a novice, I don't know that I have a reproducible series of steps to perform this.

I wasrather surprised that there isn't just a button or menu to do all the work for the admin, though.

Jcurry's picture
Last seen: 3 days 7 hours ago
Joined: 01/02/2014 - 13:04
Posts: 407
I have raised a ticket for

I have raised a ticket for this faulty documentation in the Admin Guide (still the same in 5.2.2) and requested that at least a procedure be published to deliver a ZenOperator role.



Log in to post comments