Can I hide the Ci Relationship Edit button for certain roles?

MikeB2 · ‎08-06-2018

We want to stop ordinary users from managing CI relatiosnhips. Can we hide the + button? Depending on role?

Mark Stanger · ‎08-06-2018

Looks like that button is tied to the row-level 'Write' security ACL for the actual CI record. In order to remove that button, you need to set up (or edit) a 'write' ACL with the correct roles. In my out-of-box instance, I just had to remove the 'itil' role frorm the 'write' ACL on the 'cmdb_ci' table.

While that removes the relationship button, it's less-than-optimal that it also disallows writing to the entire CI record. You could also do the following...

1) Adjust the 'Create' ACL on the 'cmdb_rel_ci' (CI Relationship) table so that it requires specific roles. If they can't create records on this table, it won't matter if they can see the plus icon...other than it's a bad user experience because they see the icon and believe they can.

2) If you still want to remove that button and retain access for restricted users to actually edit the CI record, you could set up an 'onLoad' client script on the 'cmdb_ci' table with the 'Inherited' checkbox checked (so that it applies to the entire CMDB). That client script would need to include code like this...

// Hide the 'Add' icon on the relationship editor unless the user has the 'asset' role
if (!g_user.hasRole('asset')) {
    $('add_relationship').hide();
}

View solution in original post

Paul Curwen · ‎05-07-2021

💡

Quick somewhat obvious tip. You do not have to add this to every table extended from cmdb_ci, just set your Table to cmdb_ci click the Inherited field to make it true on the Client Script and this will fire on any table extended from cmdb_ci:

***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul

abibalu · ‎08-24-2021

Is there any way to hide the add icon in upstream relationship in relationship editor? I should allow the user to add only downstream.