As per best practices for making updates to CI, especially when Auto Discovery tools/SN Discovery is implemented, ServiceNow had once told us:
"Restrict Manual Updates
- Limit manual updates to authorized users only (e.g., CMDB Managers or CI Owners).
- Use role-based access control (RBAC) to prevent unauthorized changes."
But OOTB, ITIL user can create CI, update CI and even Delete CI. This can pose various issues/risks like:
Data Integrity Risks
Lack of Governance
Audit and Compliance Issues
Conflict with Discovery/Integration Sources
etc
Q - HOW are you governing/controlling updates to CMDB tables? Have you modified the ACLs to restrict CRUD for ITIL users or using as it is?
Just curious to know how you are handling this today.
Thanks in advance!
Q
How are you handling and restricting CMDB updates especially with Discovery implemented?
