Grant access to import set data only for the tables the user is authorized to view.

AishwaryaG90115 · 3 weeks ago

We need to grant users access to the following three tables based on their assigned import set table permissions:

Import Set Row
Import Set Run (Transform History)
Import Set Row Error

The key condition is that users should only be able to view records associated with the specific import set tables they have access to.

Example:

User A has access to the following import set tables:

u_cmdb_ci_netgear
u_cmdb_ci_server

User B has access to:

u_cmdb_ci_server
u_cmdb_ci_computer

Expected Access:

User A

Can access Import Set Row records for u_cmdb_ci_netgear and u_cmdb_ci_server
Cannot access records related to u_cmdb_ci_computer
Can access Transform History (Import Set Run) for u_cmdb_ci_netgear and u_cmdb_ci_server
Can access Import Set Row Error records for u_cmdb_ci_netgear and u_cmdb_ci_server

User B

Can access Import Set Row records for u_cmdb_ci_computer and u_cmdb_ci_server
Can access Transform History (Import Set Run) for u_cmdb_ci_computer and u_cmdb_ci_server
Can access Import Set Row Error records for u_cmdb_ci_computer and u_cmdb_ci_server

Vijaya_Mnpram · 3 weeks ago

@AishwaryaG90115 I guess, server table is in both the user's access. Hope it's a typo.

To achieve this, you need to create different roles for User A and User B and configure ACL's on the table basing on the allowed access.

For example, for User A, create a role like 'network_import_admin' and give it to the group User A belong. Next step would be to configure ACL's on u_cmdb_ci_netgear.

Similarly for User B, create a role like 'computer_import_admin' and give it to the group User B belongs. Next step would be to configure ACL's on u_cmdb_ci_computer table.

OOB roles can't really differentiate between tables on import. You need to go with custom roles and ACLs.