CI delete access for ITIL role.

nav sid
Tera Contributor

Hi,

The OOTB ITIL role has access to delete and create CIs. As per the ITIL framework, this is not an ideal scenario. The support team should not be able to delete and create CIs.

For one of our customers, we are thinking of restricting the access for ITIL users to Read and Update only.

Before we do this, I wanted to check the following -  

1. Why does the ITIL role have full access (CRUD) to the CMDB?

2. Is it standard practice to have full access?

3. What could be the possible impacts if the access is restricted to update and read?

Thanks in advance.

4 REPLIES

Brian Lancaster
Tera Sage

The last two places I worked at, we left ITIL with only read access to the CMDB and gave Create / Write to ecmdb_admin. Delete to only admin.

Hi Brian,

I am also looking for the same solution. Could you please provide the steps to achieve the above?

Thanks,

Abby

I just updated the ACLs and removed ITIL from all but read. Then I made sure the OOB ecmdb_admin role had create, read and write access. The ACLs are on the cmdb_ci table, if I remember correctly.

Mahesh Pithe
Tera Contributor

Have you got a solution for this? If yes, please let me know. What is the correct approach, and if we modify OOTB ACLs, is there any impact on integration, Discovery?