‎01-02-2013 07:19 PM
When an ITIL user views Open Incidents they see a Caller field. If they click the name in the Caller field they are taken to that user's profile and are able to edit information on it; this creates a security issue for us.
This also occurs when in an Incident and clicking the fly-over next to the Caller field.
I'm looking for a way to take this away from the ITIL user. I've looked at the ACL rules and modified some but still get the same results.
Labels: Incident Management
‎01-03-2013 10:46 AM
Which fields do you want to change? By default, in newer releases with the High Security plugin activated, a user with ANY role can edit a user record. However, there are additional security rules on particular fields that only allow the "admin" role to edit them, such as "active", "auditor", "company", etc.
So, that being said, any field that does not have a specific "write" rule on it will be editable by users with any role. So you need to create a field-level write rule for each particular field you want to protect or modify the record-level rule to only allow the appropriate roles the ability to modify the record.
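The behaviour described in this answer, as an added example that is not part of the original post and not ServiceNow's own code: a simplified JavaScript model of write-ACL evaluation that lists which sys_user fields a role can edit under the default rules and under each of the two fixes the answer suggests. The sample ACL lists are constructed, the role `x_user_maintainer` is hypothetical, and the model assumes role-only rules with default deny.

```javascript
// Simplified model of write-ACL evaluation on a single table.
// Assumptions: role checks only (no conditions or scripts), no table
// inheritance or wildcard rules, default deny when no record-level rule exists.
// A field is writable only if the user passes the record-level rule (name ===
// table) AND, when one exists, the field-level rule (name === table.field).

function passes(rules, userRoles) {
  // Several rules with the same name: satisfying any one of them is enough.
  return rules.some(r =>
    r.roles === 'any' ? userRoles.length > 0
                      : r.roles.some(role => userRoles.includes(role)));
}

function canWrite(acls, table, field, userRoles) {
  const named = n => acls.filter(a => a.name === n);
  const recordRules = named(table);
  if (recordRules.length === 0 || !passes(recordRules, userRoles)) return false;
  const fieldRules = named(`${table}.${field}`);
  return fieldRules.length === 0 || passes(fieldRules, userRoles);
}

function writableFields(acls, table, fields, userRoles) {
  return fields.filter(f => canWrite(acls, table, f, userRoles));
}

// Constructed sample data, not exported from a real instance.
const FIELDS = ['first_name', 'last_name', 'phone', 'mobile_phone', 'title', 'active', 'company'];
const NAME_AND_PHONE = FIELDS.slice(0, 4);
const adminOnly = ['active', 'company'].map(f => ({ name: `sys_user.${f}`, roles: ['admin'] }));

// Baseline from the answer: any role passes the record-level rule.
const baseline = [{ name: 'sys_user', roles: 'any' }, ...adminOnly];
// Option 1: field-level write rules on the fields to protect.
// "x_user_maintainer" is a hypothetical custom role.
const fieldFix = baseline.concat(NAME_AND_PHONE.map(f =>
  ({ name: `sys_user.${f}`, roles: ['admin', 'x_user_maintainer'] })));
// Option 2: restrict the record-level rule itself.
const recordFix = [{ name: 'sys_user', roles: ['admin', 'x_user_maintainer'] }, ...adminOnly];

for (const [label, acls] of Object.entries({ baseline, fieldFix, recordFix })) {
  console.log(label, 'itil can write:', writableFields(acls, 'sys_user', FIELDS, ['itil']));
}
```

Under `fieldFix` the `title` field stays writable for the itil role because it has no field-level rule of its own, which is the gap the answer points out.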
‎11-10-2021 02:33 PM
It may be an old post, but I created a specific ACL on every field and it's still not working on some fields.
What could be my issue? Can you suggest?
My process users have the sn_customerservice_agent role, but even if I add this one as a field-level ACL it doesn't make it editable.
‎11-10-2021 02:52 PM
Aeh - I am not sure sn_customerservice_agent would give access to change management in the first place as that is a CSM role.
Change Management is an ITSM module, so you probably need an ITSM ("itil" role) license.
‎11-11-2021 05:37 AM
Hi Christian - Sorry, maybe I was misunderstanding.
I want to grant users with the specific role (can be a custom one) access to the user records on the User table so that they can maintain the four fields in the system.
My four fields would be:
First Name
Last Name
Business Phone
Mobile Phone
I tried it with a specific ACL on the Sys_User table and created 4 ACLs on the fields with the Write action, but the field still appears read-only.