How to add an IP Address List to the new Global IP Exclusion feature available in Rome

Jason82
Tera Guru

We have a fairly large list of IP Addresses we exclude from Discovery Schedules. I am reviewing the new Global IP Exclusion feature in Rome to determine how we will transition to it. 

 

I have reviewed the Rome release notes for Use Global Excludes List for IP addresses and ranges. I'm getting hung up on Step #5 and I'm not sure why.

  1. I can successfully navigate to Global IP Exclusion > IP Exclusion.
  2. There are no records in this list, so I click on New.
  3. There are no existing IP collections, so I click on New.
  4. I select IP Address List.
  5. I name it "Test exclude 1" and click Save.

At this point I don't see any items I can select under the Related List for Collection of IP addresses. I also do not see a New button to create a new list. 

I have the discovery_admin role. What am I missing here? 

I'm wondering if there is some sort of permissions or security issue preventing me from selecting or adding a new record?

 


1 ACCEPTED SOLUTION

MarkyMark1
Tera Expert

Seeing the same behavior.  


9 REPLIES

It looks like it is falling through to a default ACL which is then preventing the New/Edit, but I've been caught up in project work and haven't been able to confirm it. Will look again tomorrow if I can.

I upgraded my PDI to Rome Patch 1 and could replicate what you are seeing.

When logged in as my admin account I could see the "New" and "Edit" buttons.

When I impersonated a standard account with the discovery_admin role I do not see the "New" and "Edit" buttons for maintaining the IP Address List.

Fix is under the reply from user MarkyMark below who figured it out. We verified in a non-production instance and validated it works with a Quick Discovery.

MarkyMark1
Tera Expert

Seeing the same behavior.  

Here is the proposed solution from Now Support.

OOB we allow write for records in ip_address_collection, for users with role maint if this is not a new ip collection record 
https://mcsmtrain.service-now.com/sys_security_acl.do?sys_id=b206d4a23b3222002dc9239434efc4ac

Added agent_admin role to the sys user role for the security rule acl and I was able to edit the fields for the ip collection with Jason A Clements impersonated.

Our admin modified the ACL to [ip_address_collection] but I still could not view or edit the IP addresses in the list even though the Summary field shows there were addresses.

After running the security debugger they determined that the tables [ip_address_list_item_m2m] and [ip_address_item] were also involved. Modifying the ACL for those tables resolved the issue.

We can now successfully create an IP Exclusions record and add/edit the IP addresses on the list.
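The following is an added example, not part of the thread and not ServiceNow code: a small check that lists which of the three tables named above still lack a table-level create or write ACL for a given set of roles. It assumes the rules have been exported from sys_security_acl with each rule's required roles attached as a `roles` array; `findAclGaps` and the sample rows are constructed for illustration, and conditions, scripts and field-level rules are not evaluated.

```javascript
// Tables named in the thread, and the operations needed to maintain an IP Address List.
const TABLES = ['ip_address_collection', 'ip_address_list_item_m2m', 'ip_address_item'];
const OPERATIONS = ['create', 'write'];

// Constructed sample rows (assumed export shape: sys_security_acl fields plus a
// `roles` array of required role names). Not taken from a real instance.
const SAMPLE_ACLS = [
  { name: 'ip_address_collection', operation: 'write', active: true, roles: ['maint'] },
  { name: 'ip_address_collection', operation: 'create', active: true, roles: ['agent_admin', 'maint'] },
  { name: 'ip_address_list_item_m2m', operation: 'write', active: true, roles: ['discovery_admin'] },
  { name: 'ip_address_item', operation: 'write', active: false, roles: ['discovery_admin'] },
];

// Returns one entry per table/operation pair that the given roles cannot satisfy
// through an active table-level ACL. Assumption: a rule with no roles passes the
// role check for every user; only the role requirement is modelled here.
function findAclGaps(acls, userRoles, tables = TABLES, operations = OPERATIONS) {
  const held = new Set(userRoles);
  const gaps = [];
  for (const table of tables) {
    for (const operation of operations) {
      const matching = acls.filter(
        (a) => a.active && a.name === table && a.operation === operation
      );
      let reason = null;
      if (matching.length === 0) {
        // Inactive rules are ignored, so this also catches a disabled ACL.
        reason = 'no table-level ACL (falls through to a parent or default rule)';
      } else if (!matching.some((a) => a.roles.length === 0 || a.roles.some((r) => held.has(r)))) {
        const required = [...new Set(matching.flatMap((a) => a.roles))].sort();
        reason = 'requires one of: ' + required.join(', ');
      }
      if (reason) gaps.push({ table, operation, reason });
    }
  }
  return gaps;
}

// Report the gaps for a user who holds only discovery_admin.
console.log(findAclGaps(SAMPLE_ACLS, ['discovery_admin']));
```

An empty result for the role set in question means the role requirement is met on all three tables; any remaining denial then has to be traced with the security debugger, as described in the thread.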