Does anyone have any advice on how to go about securing queries built in CMDB Query Builder so they can be safely used in reporting and PA dashboards? CMDB Query Builder is an extremely powerful tool for quickly and easily navigating the complex and confusing waters of the CMDB relationships, and from what I could find, there are 2 roles associated to this: cmdb_query_builder and cmdb_query_builder_read. The cmdb_query_builder role allows users to create/edit/delete queries built in CMDB Query Builder, and the issue we have come across is that the Itil role contains the cmdb_query_builder role. Since there are so many users in the Itil role, we cannot safely allow users to add CMDB QB queries in their dashboards, as anyone can make changes to them. To circumvent this, we have been creating database views joining to the cmdb_rel_ci (relationship) tables to provide reporting that is secure, but this is obviously a less than ideal solution. Is there currently a way to secure CMDB QB queries that I am overlooking? Or will this be something that is addressed in a future release? It would be great if we could lock down specific queries to only certain groups/roles to make changes to it, but that just doesn't seem possible currently - Thank you.
