Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 4.7
-
Fix Version/s: Unscheduled
-
Component/s: Core CiviCRM
-
Labels:
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:User and Admin Doc
-
Funding Source:Contributed Code
Description
Jon K Goldberg and I have been discussing the future of the CiviMonitor extension, and we're thinking it can be retired except for one feature: the "Access CiviMonitor" permission that allows a user access to the system.check API without granting them Administer CiviCRM.
I think it might be worthwhile to add that permission into core now that the system check is used in core. The permission is an alternative to granting the API user Administer CiviCRM permission, making the system less vulnerable in case the Nagios server is compromised.
If this isn't added into core, CiviMonitor will be released for 4.7 with more-or-less the sole purpose of adding that permission. Please leave your thoughts for or against including the permission in core.