Best practice for granting read access to 'cmdb_ci_service' table

UbiquitousRD · ‎05-22-2022

Hi,

When building a change request item (record producer) in the Service Catalog, what is the best-practice for granting a non-admin user the ability to read from the 'cmdb_ci_service' table?

For context: I have created a variable on the Catalog Item that is referencing the cmdb_ci_service table, which works and displays the 'Services' list when I am logged in as an admin, but not when viewing the list as a non-admin user.

My initial thought is to create/use a role that allow a user to submit change requests, then create a read ACL on the cmdb_ci_service table and map the ACL to the aforementioned role... is this the best way of achieving what I attempting to do?

Thank you for your help.

suvro · ‎05-22-2022

Since you are using a Record Producer, you do not need permissions to submit a change request for non-admins. You only require a read role on cmdb_ci_service table, that would do the job for you

View solution in original post

suvro · ‎05-22-2022

Since you are using a Record Producer, you do not need permissions to submit a change request for non-admins. You only require a read role on cmdb_ci_service table, that would do the job for you

UbiquitousRD · ‎05-22-2022

Thank you for your answer.

Taking away from your reply it seems like I am on the right track creating a read only ACL on the cmdb_ci_service table and assigning the users who will be submitting the change requests to the role that is mapped to the ACL - is that correct?

Appreciate your help.

suvro · ‎05-22-2022

Yes you are correct.

UbiquitousRD · ‎05-22-2022

OK got it - Appreciate your help!