Create an asset team who cannot write to certain fields

Nicholas Hromya
Giga Guru

We have an asset team who has the asset role.

I want another team who has similar roles, but can only read:

- Assigned to
- Serial Number
- Asset Tag
- Model
- Configuration Item
- Comments

I thought I could give this new group the asset role and set a client script so that, if they are in this group, they can only read these fields. I haven't been able to get this to work. I tried alm_asset.ci and just ci. Doesn't seem to work.

Other ideas?

Thanks

Nick

6 REPLIES

Nicholas Hromya
Giga Guru

I changed the group name to the sys_id of the group.  That seems to have helped.  Some fields are set to read only and others are not.  I think I need to find the correct field name.

Nicholas Hromya
Giga Guru

I am finding the user in the new group (that should have read only) can still write to assigned_to and comments. It appears these are indeed in the alm_asset table; therefore I tried alm_asset.assigned_to and alm_asset.comments. This did not work. 😞

Nicholas Hromya
Giga Guru

I tried a UI policy on the HAM workspace, but this didn't work either. The user in the group could still write to the comments and change the assigned_to. 😞

lauri457
Tera Sage

Keep in mind that any restriction client side is easily circumventable. If you need true restriction then you need to use e.g. ACLs and a new role.

Fairly simple to work out what you need to do using the access analyzer

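Added example, not part of the thread or of any poster's code: a small model of the server-side check that field-level write ACLs on alm_asset would perform, showing that the submitted values are filtered regardless of what the form displayed. The group name, function names and the stand-in user object are assumptions; on the platform the user would be `gs.getUser()`.

```javascript
// Added example. Assumed names: RESTRICTED_GROUP, canWriteAssetField,
// applyUpdate, makeUser. hasRole() and isMemberOf() mirror GlideUser methods.
const RESTRICTED_GROUP = 'Asset Read Only Fields'; // hypothetical group name

// alm_asset columns behind the six labels listed in the question.
const LOCKED_FIELDS = ['assigned_to', 'serial_number', 'asset_tag',
                       'model', 'ci', 'comments'];

// Decision a field-level write ACL (alm_asset.<field>, operation "write")
// would make for the current user.
function canWriteAssetField(user, fieldName) {
  if (!user.hasRole('asset')) return false;             // no asset role: no writes
  if (!LOCKED_FIELDS.includes(fieldName)) return true;  // other fields unchanged
  return !user.isMemberOf(RESTRICTED_GROUP);            // locked for the new team
}

// Model of server-side enforcement: the check runs on the values that were
// submitted, so it does not matter whether the form showed a field as read-only.
function applyUpdate(user, record, changes) {
  const updated = Object.assign({}, record);
  const rejected = [];
  for (const field of Object.keys(changes)) {
    if (canWriteAssetField(user, field)) updated[field] = changes[field];
    else rejected.push(field);
  }
  return { updated, rejected };
}

// Constructed stand-in for a GlideUser, so the logic can be run off-platform.
function makeUser(roles, groups) {
  return {
    hasRole: (role) => roles.includes(role),
    isMemberOf: (group) => groups.includes(group),
  };
}
```

In an ACL record the equivalent script line would be `answer = !gs.getUser().isMemberOf('<group name or sys_id>');` with the asset role listed as the required role.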