Restrict Write access on cmdb_ci_service table to CI owners and Admin only

Nandini Mishra · ‎05-05-2023

Hi All,

I have a requirement to lock the form on cmdb_ci_service and child tables like service_offering to allow only the owned_by to edit and update the Ci's, how can i achieve this?

Can someone suggest if i write ACL on cmdb_service_ci table it will restrict updating the child table as well?

i tried writing below write ACL but it is not working and itil users still able to update the ci's

Community Alums · ‎05-05-2023

Hi @Nandini Mishra ,

if ACL on child table is defined then parent ACL will be masked with child's one and all priority will be given to child's ACL.

You can refer the below image for sequence of evaluation:

Nandini Mishra · ‎05-05-2023

@Community Alums Is there a way i can write a ACL on cmdb_ci level which can restrict write access to all child tables to the owner of the CI?

Community Alums · ‎05-05-2023

Hi @Nandini Mishra ,

Yes you can Create a ACL on cmbd_ci level. But remember it will affect child tables unless child tables have seperate ACLs, if seperate ACLs are there then parent ACLs won't apply to child tables, otherwise child table will inherit parent table ACLs.

Nandini Mishra · ‎05-05-2023

i see there are out of box write ACL's available on Child tables, that means i have no other option than creating seperate ACL's on child tables to restrict write access?