How to provide create access to all cmdb table for only one country users

sk59
Tera Expert

Hello All,

 

We have requirement where in specific country users(ex:India) should have create access to ALL CMDB tables.

When we built a create ACL it is providing access to India users but it is not letting other country users to create(Few ACL's were written on some specific CMDB tables already for other countries to provide access but this is not executing).

 

So the requirement here is whatever the acl's present on specific tables for any countries should not get overridden it should work as it is and also we need to provide all tables create access to India.

Help me achieve this.

5 REPLIES 5

Harsh_Deep
Giga Sage
Giga Sage

Hello @sk59 

 

Share snip of your ACL

Ashok Sasidhara
Tera Sage
Tera Sage

What is the business rationale behind this? This requirement is not aligned with CMDB best practices. It is still ok if it was only read access for all the users from a country. But giving create & modify access to the CMDB to a large number of users is not at all recommended as it can easily lead to data quality issues due to manual errors. Even the OOB ServiceNow ACL for CMDB (i.e. all ITIL users having access to modify the CMDB) is typically modified and restricted to relevant users as part of usual implementations. Only groups containing configuration managers should have access to modify the entire CMDB. In addition to that, the permission to modify each CI class should be restricted to the respective CI class owners only.

we are providing create access to only for users who has specific role.This is providing access to those users but in turn it is removing access to other users which it should not in our case. As there are separate acl's which are written on some child tables to provide access to other users.

ersureshbe
Giga Sage
Giga Sage

Hi, If you are in Vancouver version you use 'Access Analyzer' and troubleshoot your ACL. When you focus on accessing all users from one region - Is that fulfiller or End users as well? End users are not recommended to access the all table.

For some business reason, you want to allow the table why can't you focus only cmdb_ci table? It holds all child table data but limited info will be available.

Regards,
Suresh.