Strategy to limit access to CMDB data
‎04-02-2022 06:57 AM
To address security concerns raised by internal teams, we are investigating allowing CMDB read/write access only to select groups in the organization. CIs are created and updated via Discovery, Asset Management and process flows.
- How did you address the security concerns in your environment?
- If you ended up implementing custom ACLs, what is the recommended approach to structure them so they are manageable and do not break OOB functionality?
- What issues did custom ACLs introduce that weren't obvious at first?
- Labels: Discovery

‎04-02-2022 07:07 AM
We have done this in a simple way. We have towers like Windows, Linux, storage, backup, network, etc.
- Created a CMDB librarian group for each tower.
- Populated the CMDB librarian group in the corresponding CI; you can use OOTB group fields or make a custom one.
- Added an extra control layer using an ACL: where the logged-in user's group matches the CI librarian group and the user has OOTB permissions for CI access, allow update.
Hope this helps.
Replying from mobile it breaks the new line
Regards RP
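
The ACL condition described in the reply above, sketched as an added example that is not part of the original post and not ServiceNow's own code. The field name `u_librarian_group`, the use of the `itil` role as the OOTB write permission, the deny-when-no-group-is-set behaviour, and all sample users and CIs are assumptions; the `gs` and `current` objects are mocked so the logic runs offline.

```javascript
// Added example, runnable offline in Node. Assumptions (not from the thread):
// custom field u_librarian_group, role itil as the OOTB write permission,
// and the constructed users and CIs below.

// Body of a write ACL script on the CI table. On the platform, `current` and
// `gs` are supplied and the returned value would be assigned to `answer`.
function librarianWriteAcl(current, gs) {
  var group = current.getValue('u_librarian_group');
  if (!group) return false;               // no librarian group set: fail closed
  if (!gs.hasRole('itil')) return false;  // OOTB permission is still required
  return gs.getUser().isMemberOf(group);  // extra layer: tower group must match
}

// Minimal stand-ins for the platform objects (mocks, not ServiceNow code).
function mockGs(user) {
  return {
    hasRole: function (role) { return user.roles.indexOf(role) !== -1; },
    getUser: function () {
      return { isMemberOf: function (g) { return user.groups.indexOf(g) !== -1; } };
    }
  };
}
function mockCi(fields) {
  return { getValue: function (name) { return fields[name] || null; } };
}

// Constructed sample data.
var USERS = {
  win_admin:   { roles: ['itil'], groups: ['CMDB Librarian - Windows'] },
  linux_admin: { roles: ['itil'], groups: ['CMDB Librarian - Linux'] },
  no_role:     { roles: [],       groups: ['CMDB Librarian - Windows'] },
  itil_only:   { roles: ['itil'], groups: [] }
};
var CIS = {
  'win-srv-01': { u_librarian_group: 'CMDB Librarian - Windows' },
  'lnx-srv-01': { u_librarian_group: 'CMDB Librarian - Linux' },
  'orphan-01':  { u_librarian_group: '' }
};

function canWrite(userName, ciName) {
  return librarianWriteAcl(mockCi(CIS[ciName]), mockGs(USERS[userName]));
}

Object.keys(USERS).forEach(function (u) {
  Object.keys(CIS).forEach(function (c) {
    console.log(u + ' -> ' + c + ': ' + (canWrite(u, c) ? 'allow' : 'deny'));
  });
});
```

The `orphan-01` row shows why the librarian field needs to be populated before such an ACL is activated: under this sketch, a CI with no group is not writable by anyone subject to the ACL.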
‎04-02-2022 11:17 AM
You mentioned read/write access to certain groups. I support that idea but want to ensure you are allowing read-only access to all.