Configuration Module visibility

VM3
Tera Contributor

Hello Team,

I have following requirements.

1) Need to hide Configuration Item module and everything underneath completely for all users except Admin. Only Admin can have CRUD access on this module and everything under it.

2) Need to create separate Group and assign Read ONLY access to this hidden module. [Configuration Item module and everything under it.]

Currently I can see that it can be accessed by anyone having below Roles which is OOB.

a) asset

b) itil

c) itil_admin

d)cmdb_read

 

Can you please help me how can I achieve this requirements step by step?

Thanks.

 

1 ACCEPTED SOLUTION

Then you need to create ACL's on every table under the CI and the CI table also 

which is create , write, read and delete ACL's on each table where you need do at table level 

table.None and select the type accordingly 

then in the roles just admin for write , create and delete acl's but for rea ACL's give the role which you want to give for READ users 

please mark my answer correct if it helps you

View solution in original post

8 REPLIES 8

Mohith Devatte
Tera Sage
Tera Sage

Hello @VM ,

1) I think you can create a group and add members to it and you can give only admin to that group

2) Remove the other roles like  itil , asset, itil_Admin and cmdb_read and give only admin in module configuration

please mark my answer correct if it helps you

Hello @Mohith Devatte,

If I give Admin role to that Group and Add members, they will have full access [CRUD]. 

I just want READ only access for this group. 

Please advise.

Thanks.

 

@VM okay then so what ever roles you give in the module that role users will have read access right ?

then we don't need a group only 

am I MAKING Sense? or i understood it wrong?

Yes Mohith,

So we need as below.

1) Only Admins will have [CRUD] access on this [Configuration Item] module and all modules under it.

2) Need a Role which can have READ ONLY access to this [Configuration Item] module and all modules under it.

3) Once Role is defined, I can assign it to a Group and all members in that Group can have Read only access.

 

Thanks.