cant remove write access to cmdb_ci from itil and give to another group.

RBlor
Mega Guru

So I am trying to lock down write access to Configuration items to only a group with sn_cmdb_editor role, but can't for the life of me do it. I have tried removing sn_cmdb_editor from itil and I still see a itil user having access to write CIs and the test user was still able to edit a server. I have also tried an allow if write ACL to only allow the sn_cmdb_editor role user, and the test user without the role can still edit. Is there something I'm missing? My now support tech cant figure it out either. Any help or advice is appreciated.

1 ACCEPTED SOLUTION

Shivalika
Mega Sage

Hello @RBlor 

 

Make use of DENY part of ACL. This came in Xanadu and works like magic if you want to deny at all costs unless a particular condition is met and Deny ACLs are evaluated first in order with respect to grant ACLs. 

 

So Deny Unless and add this role. 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

View solution in original post

3 REPLIES 3

Shivalika
Mega Sage

Hello @RBlor 

 

Make use of DENY part of ACL. This came in Xanadu and works like magic if you want to deny at all costs unless a particular condition is met and Deny ACLs are evaluated first in order with respect to grant ACLs. 

 

So Deny Unless and add this role. 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

that was perfect thank you!

Hello @RBlor 

 

I am glad you found it helpful 😊 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY