- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2025 09:12 AM
So I am trying to lock down write access to Configuration items to only a group with sn_cmdb_editor role, but can't for the life of me do it. I have tried removing sn_cmdb_editor from itil and I still see a itil user having access to write CIs and the test user was still able to edit a server. I have also tried an allow if write ACL to only allow the sn_cmdb_editor role user, and the test user without the role can still edit. Is there something I'm missing? My now support tech cant figure it out either. Any help or advice is appreciated.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2025 10:05 AM
Hello @RBlor
Make use of DENY part of ACL. This came in Xanadu and works like magic if you want to deny at all costs unless a particular condition is met and Deny ACLs are evaluated first in order with respect to grant ACLs.
So Deny Unless and add this role.
Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2025 10:05 AM
Hello @RBlor
Make use of DENY part of ACL. This came in Xanadu and works like magic if you want to deny at all costs unless a particular condition is met and Deny ACLs are evaluated first in order with respect to grant ACLs.
So Deny Unless and add this role.
Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2025 10:33 AM
that was perfect thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2025 10:34 AM
Hello @RBlor
I am glad you found it helpful 😊
Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.
Regards,
Shivalika
My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194
My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY
