
05-10-2019 01:15 PM
The cmdb_ci_service table has 3 read ACLs. Some users from CMDB do have write access to this table and others don't have write access. I am trying to find what ACLs could have been given to the CMDB group to have write access to the Business Service table. When I look in the ACL table I can only find 3 read ACLs on the cmdb_ci_service table. Can someone help me understand how this group was granted write access to this table?

05-12-2019 03:57 PM
Hey Rick, the easiest way to do this is to log in as an admin, and find the menu option in the left-hand nav called “Debug Security” and click it.
Now impersonate one of the users who has access and navigate to the table. Under the form, it will show you output of the ACLs and which ones passed/failed. This will show you what you need to know.
Since cmdb_ci_service is an extended table, I bet the write access is being granted on one of the parent tables in the hierarchy, which will trickle down to the child tables if no specific ACL is set on that child table.
Let me know if this guides you to the answer.

05-12-2019 04:00 PM
Thanks for the reply, Jon. My whole point here is I am trying to give write access to a group, so I created a new role and added it to a newly created write ACL on cmdb_ci_service. When I check the table with people who already have access, they lost their access, and only people with the new role have write access now. Please help me find a solution here. Thanks!

05-12-2019 04:04 PM
Yes, this is because there was already a write ACL on one of the parent tables. As soon as you create a write ACL on this table, it overrides the ACL on the parent table.
So the key is to do the steps I gave you above to find the exact ACL that is currently being applied for write access, then if you decide you want to create a new ACL for your table, you also need to make a copy of that other ACL (along with its roles) that is currently controlling access, and set it to apply to your table.
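
The override behaviour described in the answers above, as an added example that is not part of the thread: a simplified JavaScript model of table-level ACL lookup, runnable in Node rather than on an instance. The parent chain (cmdb_ci_service → cmdb_ci → cmdb), the role names and the ACL records are assumptions constructed for illustration; field-level rules, conditions and scripts are ignored.

```javascript
// Simplified model of table-level ACL lookup (added example, constructed data).
// Assumed hierarchy for illustration: cmdb_ci_service -> cmdb_ci -> cmdb.
const PARENT = { cmdb_ci_service: 'cmdb_ci', cmdb_ci: 'cmdb', cmdb: null };

// Walk up from the table and return the ACLs at the first level that has any
// rule for this operation. Rules on tables further up are never consulted.
function effectiveAcls(acls, table, operation) {
  for (let t = table; t; t = PARENT[t]) {
    const hits = acls.filter(a => a.table === t && a.operation === operation);
    if (hits.length) return hits;
  }
  return [];
}

// Access passes if the user holds any role on any ACL at the effective level.
function canAccess(acls, userRoles, table, operation) {
  return effectiveAcls(acls, table, operation)
    .some(a => a.roles.some(r => userRoles.includes(r)));
}

// Create the table-specific ACL while carrying over the roles of the ACL that
// is in effect today, so existing users keep their access.
function addAclKeepingAccess(acls, table, operation, newRoles) {
  const inherited = effectiveAcls(acls, table, operation).flatMap(a => a.roles);
  const roles = [...new Set([...inherited, ...newRoles])];
  return [...acls, { table, operation, roles }];
}

// Constructed records: read rule on the child, write rule only on the parent.
const baseAcls = [
  { table: 'cmdb_ci_service', operation: 'read', roles: ['reader'] },
  { table: 'cmdb_ci', operation: 'write', roles: ['cmdb_editor'] },
];
const existingUser = ['reader', 'cmdb_editor'];   // hypothetical roles
const newUser = ['reader', 'service_writer'];     // hypothetical roles

// Naive change: a child write ACL with only the new role hides the parent rule.
const naiveAcls = [...baseAcls,
  { table: 'cmdb_ci_service', operation: 'write', roles: ['service_writer'] }];
// Corrected change: new role plus the roles copied from the parent rule.
const fixedAcls = addAclKeepingAccess(
  baseAcls, 'cmdb_ci_service', 'write', ['service_writer']);

for (const [label, acls] of [['before', baseAcls], ['naive', naiveAcls], ['fixed', fixedAcls]]) {
  console.log(label,
    'existing user:', canAccess(acls, existingUser, 'cmdb_ci_service', 'write'),
    'new user:', canAccess(acls, newUser, 'cmdb_ci_service', 'write'));
}
```

On a real instance, Debug Security remains the way to confirm which ACL is actually being evaluated before copying its roles.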