Clean up ACL on cmdb_ci

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2017 07:27 AM
Hi, I'm in the middle of going through all ACL for our Configuration Items. Here's what I'm looking for:
- A role that have read access to all the tables that extend [cmdb_ci]. Here I'm thinking of using the itil role but exclude the delete/write/create privileges so that users with the role only can read from this table and all the one extending from it.
- Create another role that have create/write/delete for users that should be able to do so.
The question is: Is there a way to delete all ACL from all the other tables so that all security is inherited from cmdb_ci (see Fig. 01 below)? ping ctomasi
Fig. 01
Question #2
Here's what it looks like now on a table that extends Network Gear. Do I need to specify ACL here (where it says itil now - Fig. 02)? And what happens if I delete these 4 access control rows?
Fig. 02
Compared to Fig. 03 that Optic modules is extending from the ACL list is blank. Does that mean that it gets the access rights from the table that this table extends from?
Fig. 03
Basically, what I'm looking for is as few ACL's as possible in order to manage them easy for all the Configuration items. Anyone with good ideas?
Kind regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2017 04:47 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2017 05:44 AM
Hello!
What about ACL already defined in the screendums. Can I delete these since they all extend from cmdb_ci in in some way without users beeing locked out from these modules? The GUI sais: "Security Rules (ACLs) are required if anyone other than an administrator needs to work with this table. Creating default security rules will grant full access to this table to anyone with the user role you specify.".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2017 05:55 AM
One tidbit of advice: Don't delete the ACL's. Instead, set the active flag to false. Same effect as delete, but you can easily undo it if needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-10-2017 05:57 AM
We create ACL on a table when we want to limit the access of users on certain tables. For example If I want that users with role itil can only write into incident table.so I will put a write ACL on incident table for this role