Make CMDB read only for ITIL users

Allison3 · ‎09-28-2016

I'm wanting our ITIL users to have read-only access to the CMDB. I have a group created that will be the CMDB Admins and they should be the only ones who can edit/delete/enter CIs or alter any part of the CMDB.

Is there an easier way to do this than changing the ACLs on the ITIL role?

I know I can make the forms read-only but there are a lot of forms. I don't want to alter the ACLs because I have a select group of ITIL users who will need to be able to edit the CMDB.

cameronrichard · ‎09-28-2016

Hi Allison,

The best way to do this is to alter the ACLs. Would it not work to give your select group of ITIL users the CMDB Admin role?

Thanks,

Cameron

Joshua Cassity · ‎09-28-2016

I would tend to agree with Cameron on this one. You'd need to modify the 'read' ACL to only allow a specific role to read (either a custom role that you created or the cmdb admin role).

Allison3 · ‎10-10-2016

I want ITIL users to have read access to the CMDB, but not write access. Then I will give specific users the CMDB admin role ecmdb_admin.

Joshua Cassity · ‎10-10-2016

Sounds like you need two ACLs

One Read to include the ITIL Role

One Write to include whatever other OOTB or custom role you'd want to grant.

~ J ~