Only allow users with ecmdb_admin to create, update and delete CIs;All others can only read ci's

jaiho_rai · ‎07-16-2024

Only allow users with ecmdb_admin to create, update and delete CIs;

All others can only read the ci's

AnirudhKumar · ‎07-16-2024

As it is, it's so easy to mess up the CMDB.

Why do you wish to increase the possibility to damage it further?

jaiho_rai · ‎07-21-2024

Customers specifically needed such roles to access a certain group, I tried to convenience them but they disagreed.

Ashok Sasidhara · ‎07-22-2024

It is fine to provide the access as long as you are giving it to a limited number of users who are supposed to manage the CMDB as per your configuration management process. For example, the access to modify the entire CMDB should be limited to configuration manager and configuration analysts. In addition to that, for specific CI classes, it is fine to give the access only to people who act as the owners of that CI class.