Clean up ACL on cmdb_ci

Henrik Jutterst
Tera Guru

‎10-04-2017 07:27 AM

Hi, I'm   in the middle of going through all ACL for our Configuration Items. Here's what I'm looking for:

  • A role that have read access to all the tables that extend [cmdb_ci]. Here I'm thinking of using the itil role but exclude the delete/write/create privileges so that users with the role only can read from this table and all the one extending from it.
  • Create another role that have create/write/delete for users that should be able to do so.

The question is: Is there a way to delete all ACL from all the other tables so that all security is inherited from cmdb_ci (see Fig. 01 below)? ping ctomasi

find_real_file.png

Fig. 01

Question #2

Here's what it looks like now on a table that extends Network Gear. Do I need to specify ACL here (where it says itil now - Fig. 02)? And what happens if I delete these 4 access control rows?

find_real_file.png

Fig. 02

Compared to Fig. 03 that Optic modules is extending from the ACL list is blank. Does that mean that it gets the access rights from the table that this table extends from?

find_real_file.png

Fig. 03

Basically, what I'm looking for is as few ACL's as possible in order to manage them easy for all the Configuration items. Anyone with good ideas?

Kind regards

Preview file
188 KB
Preview file
208 KB
Preview file
172 KB
0 Helpfuls
  • 1,849 Views
6 REPLIES 6

Henrik Jutterst
Tera Guru
In response to nehasr1288

‎10-13-2017 04:00 AM

Ok... So correct me if I'm wrong. But does this mean that my three screen shots in original post that all users with itil role have the same access rights on all of these tables?


0 Helpfuls

nehasr1288
Tera Expert
In response to Henrik Jutterst

‎10-10-2017 05:57 AM

and also always deactivate, never delete, so it is better for recovery


0 Helpfuls