What is an ACL? What is the significance of "answer = false" in the ACL script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 02:39 AM
I have Attached the screenshots of an ACL, With reference to the screenshot I need the following answers.
1) What does this ACL do?
2) What is this roles required?
3) What is the meaning of "answer = false" in the ACL script?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 02:41 AM
@Hrishabh Kumar Hi!
If you want to restrict all user not to access "child Incidents" field, change script command:-
If you unchecked Admin override the even admin can't see the field because restriction applied for everyone.
write in Acl script:-
answer = false;//instead of writing false directly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 02:43 AM
1) What does this ACL do? --> Write access is not permitted on any field for cmdb_ci_cloud_service table For users with ITIL and CMDB Read role
2) What is this roles required? --> This is applicable for users with these roles, for users that don't have this role the ACL will by default return false.
3) What is the meaning of "answer = false" in the ACL script? --> access is not permitted.
Read the description on the ACL that will help you understand the intention of this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 02:47 AM
Other roles except "ITIL" and "cmdb_read" will be able to write data in the "cmdb_ci_cloud_service_account" table? and What if we replace "answer=false" to "answer=true"?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2023 02:55 AM - edited 01-30-2023 02:55 AM
- Other roles except "ITIL" and "cmdb_read" will be able to write data in the "cmdb_ci_cloud_service_account" table? -> Not unless there is any other ACL that will allow it.
- and What if we replace "answer=false" to "answer=true"? -> then Users with any of these roles will be able to write(edit) records on this table