Granting permission to create, modify, delete CIs

paradise624 · ‎03-31-2023

To grant a group the permission to create, modify, delete and view CIs, do I need to add a role to the group or do I have to modify the ACls?

Bert_c1 · ‎03-31-2023

Hi,

You can review the existing ACLs for the desired table (cmdb_ci) and see what roles are required for 'Create', 'Write', and 'Delete' and then assign users one of the roles. It may be better to create a Group for those users, and assign the needed roles to the group. That way, as group members are modified, the roles will follow. for example, when a user is removed from the group, those roles will also be removed from the user.