ACL not working as expected.

Sattimsetti raj · ‎02-28-2024

Hi All,

I have created new field called " Support model " in hardware table (cmdb_ci_hardware) and also, I have created the new role called " u_cmdb_ci_manager " users having " u_cmdb_ci_manager " role " Support model " field should be editable.

The three main ACLs I've created are:

I'm facing some issues with these ACLs because what those ACLs have now done is made some unnecessary fields editable e.g. the Name field should not be editable.

So, I was just wondering what I'm doing wrong and what I need to do make this field editable and keep the other fields read only.

Harish KM · ‎02-28-2024

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

View solution in original post

Tony Chatfield1 · ‎02-28-2024

Hi,

for the role
Hardware(none) would allow write to the table.
Hardware.Support Model allows write to this specific field.

But Hardware.* is a wild card acl that allows write to all fields of the Hardware table.
I would disable this wild card ACL and see if this resolves your issue.

Sattimsetti raj · ‎02-28-2024

I have disabled the Hardware.* is a wild card acl :

Still, I see " Support model " field read-only and the other fields are editable:

Harish KM · ‎02-28-2024

HI @Sattimsetti raj you dont need table.* ACL as this will grant access to all fields. Deactivate this ACL

field level ACL will override tablename.* ACL which is needed in your case so field level ACL is good to go.

Regards
Harish

Sattimsetti raj · ‎02-28-2024

Hi,

I have disabled the Hardware.* is a wild card acl :

Still, I see " Support model " field read-only and the other fields are editable: