ACL not working as expected.

Sattimsetti raj
Tera Contributor

Hi All,

 

I have created new field called " Support model " in hardware table (cmdb_ci_hardware) and also, I have created the new role called " u_cmdb_ci_manager " users having " u_cmdb_ci_manager " role " Support model " field should be editable.

 

The three main ACLs I've created are:

 

Sattimsettiraj_0-1709129187829.png

 

Sattimsettiraj_1-1709129250060.png

 

Sattimsettiraj_2-1709129284590.png

 

I'm facing some issues with these ACLs because what those ACLs have now done is made some unnecessary fields editable e.g. the Name field should not be editable.

 

Sattimsettiraj_3-1709129408483.png

 

 

So, I was just wondering what I'm doing wrong and what I need to do make this field editable and keep the other fields read only.

1 ACCEPTED SOLUTION

Hi @Sattimsetti raj in that case you need

write level tablename.* ACL to lock all fields and in advance script return false;

and role u_cmdb_ci_manager

Regards
Harish

View solution in original post

22 REPLIES 22

user role was: u_cmdb_ci_manager

 

Sattimsettiraj_0-1709187738054.png

 

 

Hi @Sattimsetti raj is there any scripts which is making the field readonly?

Regards
Harish

Hi,

 

NO, its new field I have created.

Hi @Sattimsetti raj I just tested in PDI, here is what i did,

1.created a new field "Support Mod" on cmdb_ci_hardware table

2.created a new role u_cmdb_ci_manager

3. Assigned user Fred luddy u_cmdb_ci_manager role

4. Created a Write ACL as below

HarishKM_0-1709189048373.png

HarishKM_0-1709189376969.png

 

Result:

1. As Fred with u_cmdb_ci_manager role. Field editable

HarishKM_1-1709189116980.png

tested as itil user, field not editable

HarishKM_2-1709189174846.png

 

 

 

Regards
Harish

My instance is not working. anything less needs to be check?