Teams

new in release v3.24

The Teams feature in Thruk enables administrators to manage roles and permissions based on group information supplied by OAuth providers. This allows for flexible and dynamic access control, aligning user permissions with organizational structures defined externally.

Terms

  • team : represents a collection of roles, groups and permissions supplied by an external OAuth provider.

  • role : cgi.cfg role, like authorized_for_all_hosts, etc.

  • group : Naemon contact group

How It Works

When a user authenticates via OAuth, Thruk retrieves the user’s group memberships from the OAuth provider. These groups are then mapped to roles and permissions within Thruk, allowing for fine-grained access control without manual user management.

Configuration

Teams and their associated roles/permissions are defined in data files. These files can be managed manually or generated programmatically, providing flexibility for integration with external systems or custom workflows.

These files typically reside in the var/thruk/teams/ directory and must have the same name as the OAuth group they represent, with a .json extension.

The files are best managed from the config tool UI.

Fallback Mechanism

Thruk supports a _fallback mechanism for teams. If a user’s group is not explicitly mapped in the teams configuration, the system can fall back to a default set of roles or permissions. The file name is _fallback.json in the same directory as the other team files.

Scripting Data Files

Instead of static JSON files, teams can also be defined via scripts. These scripts must be executable and return valid JSON data. This allows for dynamic generation of team configurations based on external data sources or logic. The scripts should be placed in the same var/thruk/teams/ directory, have no file extension, and have the appropriate executable permissions, e.g.: var/thruk/teams/team_name

A generic fallback script is possible as well, named _fallback in the same directory: var/thruk/teams/_fallback

All scripts will receive the following environment variables:

  • THRUK_LOGIN_FORM_USER : the username of the user logging in

The first argument is the group name itself.
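
Because these files and scripts decide which roles a login receives, the directory is worth checking after manual or generated changes. The audit below is an added example, not part of Thruk: the function name audit_teams_dir is hypothetical, and the owner-only write rule is this example's policy rather than a Thruk requirement.

```python
import json
import stat
import sys
from pathlib import Path


def audit_teams_dir(path):
    """Return (file name, finding) pairs for one Thruk teams directory."""
    findings = []
    for entry in sorted(Path(path).iterdir()):
        if not entry.is_file():
            continue
        mode = entry.stat().st_mode
        # Policy assumed by this example: only the owner may write team files,
        # because their content decides which roles a login receives.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry.name, "writable by group or others"))
        if entry.suffix == ".json":
            # Static team file: it has to parse as JSON.
            try:
                json.loads(entry.read_text())
            except ValueError:
                findings.append((entry.name, "not valid JSON"))
        elif entry.suffix == "":
            # Team script: extensionless and executed, so it needs +x.
            if not mode & 0o111:
                findings.append((entry.name, "script is not executable"))
        else:
            findings.append((entry.name, "neither .json nor extensionless"))
    return findings


if __name__ == "__main__":
    # Directory named on this page; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "var/thruk/teams"
    results = audit_teams_dir(target)
    for name, finding in results:
        print(f"{name}: {finding}")
    sys.exit(1 if results else 0)
```

The exit status is non-zero when anything is reported, so the check can run from cron or a deployment pipeline.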
