ACL not working as expected.

Sattimsetti raj
Tera Contributor

Hi All,

 

I have created new field called " Support model " in hardware table (cmdb_ci_hardware) and also, I have created the new role called " u_cmdb_ci_manager " users having " u_cmdb_ci_manager " role " Support model " field should be editable.

 

The three main ACLs I've created are:

 

Sattimsettiraj_0-1709129187829.png

 

Sattimsettiraj_1-1709129250060.png

 

Sattimsettiraj_2-1709129284590.png

 

I'm facing some issues with these ACLs because what those ACLs have now done is made some unnecessary fields editable e.g. the Name field should not be editable.

 

Sattimsettiraj_3-1709129408483.png

 

 

So, I was just wondering what I'm doing wrong and what I need to do make this field editable and keep the other fields read only.

1 ACCEPTED SOLUTION

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

View solution in original post

22 REPLIES 22

Hi @Sattimsetti raj is there any other write ACL on cmdb ci hardware table? you can deactivate this ACL and try to create new one and test just for testing purpose?

Regards
Harish

Super!! Now I have created new Acl and tested its working fine. but I need to make support model field editable and keep the other fields read only

 

Sattimsettiraj_0-1709192639854.png

 

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

Thank you so much for quick response 😊 !

Aman Kumar S
Kilo Patron

Hi @Sattimsetti raj 

You need to get rid of the "cmdb_ci_hardware.*", as this ACL enables edit access for all the fields on the table.

Only keep "cmdb_ci_hardware.none" and "cmdb_ci_hardware.Support model" Write ACL.

 

Best Regards
Aman Kumar