How to restrict access to particular CI classes such that only particular groups can edit them?

Go to solution
Vidv1
Kilo Contributor

‎08-13-2019 10:53 PM

Hi,

I have a requirement to particular create groups for each CI class and give access to only those groups to be able to read, edit and delete their respective CI Class CIs and not the others.

For example: If there's a CI class 'Sharepoint' - a group will be created for it, with members in it - and only these members should be able to make changes to the 'Sharepoint' CI class CIs. They should be only be able to read other CI class CIs but not edit them.

I have understood ACLs can be used, but not sure how. What can be done here?

Please help. Thanks in advance!

0 Helpfuls
  • 2,239 Views
1 ACCEPTED SOLUTION

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron

‎08-13-2019 10:57 PM

Create a create/write/delete ACL on Sharepoint CI table with script as 

 

answer = gs.getUser().isMemberOf('<Group Name>');

 

Similarly create/write/delete it for all the tables, where you want restricted access.


Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

2 REPLIES 2

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron

‎08-13-2019 10:57 PM

Create a create/write/delete ACL on Sharepoint CI table with script as 

 

answer = gs.getUser().isMemberOf('<Group Name>');

 

Similarly create/write/delete it for all the tables, where you want restricted access.


Please mark this response as correct or helpful if it assisted you with your question.

Go to solution
AbdulAzeez
Mega Guru

‎08-13-2019 11:12 PM

Hi,

 

Since you want to make changes only for a specific group lets say it as 'Hardware' group, only members of Hardware group should change the Sharepoint CI.

 

Table name of Sharepoint CI is : cmdb_ci_appl_sharepoint

 

You need to create an ACL of type Write and select the table as cmdb_ci_appl_sharepoint

 

Elevate security_admin role first and navigate to ACL;s table by simply typing acl in navigation bar under System Security-> Access Control(ACL)

 

Click New and select operation as Write and under Name field select your cmdb_ci_appl_sharepoint table name and click on Advanced checkbox as True.

 

if (gs.getUser().isMemberOf('Hardware'))
return true;
else
return false;

 

 

Please Mark Helpful / Correct based on the Impact

Abdul Azeez