ACL not working as expected.

Sattimsetti raj · ‎02-28-2024

Hi All,

I have created new field called " Support model " in hardware table (cmdb_ci_hardware) and also, I have created the new role called " u_cmdb_ci_manager " users having " u_cmdb_ci_manager " role " Support model " field should be editable.

The three main ACLs I've created are:

I'm facing some issues with these ACLs because what those ACLs have now done is made some unnecessary fields editable e.g. the Name field should not be editable.

So, I was just wondering what I'm doing wrong and what I need to do make this field editable and keep the other fields read only.

Harish KM · ‎02-28-2024

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

View solution in original post

Harish KM · ‎02-28-2024

Hi @Sattimsetti raj is there any other write ACL on cmdb ci hardware table? you can deactivate this ACL and try to create new one and test just for testing purpose?

Regards
Harish

Sattimsetti raj · ‎02-28-2024

Super!! Now I have created new Acl and tested its working fine. but I need to make support model field editable and keep the other fields read only

Harish KM · ‎02-28-2024

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

Sattimsetti raj · ‎02-29-2024

Thank you so much for quick response 😊 !

Aman Kumar S · ‎02-28-2024

Hi @Sattimsetti raj

You need to get rid of the "cmdb_ci_hardware.*", as this ACL enables edit access for all the fields on the table.

Only keep "cmdb_ci_hardware.none" and "cmdb_ci_hardware.Support model" Write ACL.

Best Regards
Aman Kumar