ACL not working as expected.

Sattimsetti raj
Tera Contributor

Hi All,

 

I have created new field called " Support model " in hardware table (cmdb_ci_hardware) and also, I have created the new role called " u_cmdb_ci_manager " users having " u_cmdb_ci_manager " role " Support model " field should be editable.

 

The three main ACLs I've created are:

 

Sattimsettiraj_0-1709129187829.png

 

Sattimsettiraj_1-1709129250060.png

 

Sattimsettiraj_2-1709129284590.png

 

I'm facing some issues with these ACLs because what those ACLs have now done is made some unnecessary fields editable e.g. the Name field should not be editable.

 

Sattimsettiraj_3-1709129408483.png

 

 

So, I was just wondering what I'm doing wrong and what I need to do make this field editable and keep the other fields read only.

1 ACCEPTED SOLUTION

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

View solution in original post

22 REPLIES 22

Hi @Sattimsetti raj

First ensure your not making field readonly on dictionary level and via scripts and

As showed in screenshot, Enable debug security and click on the debugged to check which ACL is not allowing to edit the field

HarishKM_0-1709183701355.png

look for the red ones here for write ACL

HarishKM_1-1709183742717.png

 

Regards
Harish

I see red mark is showing its created by me write role to the support group field. 

 

Sattimsettiraj_0-1709186050310.png

 

Sattimsettiraj_1-1709186364250.png

 

 

Hi @Sattimsetti raj what do you have in advanced script section of ACL?

Regards
Harish

I don't have its blank only:

Sattimsettiraj_0-1709187172869.png

 

Hi @Sattimsetti raj can you uncheck the advanced check box also I dont see the fieldname in ACL. can you check that and confirm also the user your testing has the role?

HarishKM_0-1709187368066.png

 

Regards
Harish