Restrict read access to RITM variable content

RhianClarke
Tera Contributor

Hi, I have a requirement to restrict read access to one catalog item's variable contents. The catalog item needs to remain open for all users to write/complete & submit.

Once logged/completed, we need the variable contents to be only visible to one specific itil group. 

So far, using business rules to accomplish this has resulted in the catalog item variables disappearing for users who need to log the REQ, so not a suitable result. I believe the way to go is to use ACLs; however, attempting to use ACLs has so far not worked for me: I've found the variables/variable contents aren't restricted.

Do I need to find the 'parent' AC that overall allows read access to all RITM variables, and amend it to exclude this one catalog item, or does my Access Control need some work/scripting?

 

The ACL I attempted:

Condition 1 - Item is '********'

Security Attribute Condition - Group is '**********'

 

I also tried:

Condition 1 - Item is '********'

Security Attribute Condition - Group Explicit is '**********'

6 REPLIES

RhianClarke
Tera Contributor

Hi @admin111678, as above, I resolved this with a new role and then used an on load script in Catalog Client Script to restrict the variables I needed to in the back-end, selecting 'Applies on Requested Items' and 'Applies on Catalog Tasks'.

I also linked the role to the group that it applies to, to ensure any new members to the group get the role added automatically and aren't missed.

Antoni Zahariev
Tera Guru

With the Xanadu release, the requirement can be delivered without a custom role and with a single Deny-Unless ACL
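The following is an added example, not part of the thread and not ServiceNow platform code: a simplified model of how Allow-If and Deny-Unless ACLs combine. It shows why an extra Allow-If ACL scoped to one item and group leaves the variables readable, while a Deny-Unless ACL restricts them. The item name, group name, ACL objects and the `canRead` function are constructed assumptions.

```javascript
// Simplified model of how ACL decision types combine; not ServiceNow platform code.
// The item name, group name and ACL set below are constructed for illustration.
const ITEM = 'Restricted item';     // placeholder for the catalog item
const GROUP = 'Restricted readers'; // placeholder for the itil group

const inGroup = (user) => user.groups.includes(GROUP);

// Existing broad ACL (assumed): lets any user read RITM variables.
const baseline = { decision: 'allow-if', check: () => true };
// The attempted ACL: item matches and user is in the group.
const attempted = {
  decision: 'allow-if',
  check: (user, ritm) => ritm.item === ITEM && inGroup(user),
};
// Deny-Unless alternative: passes for other items, needs the group for this one.
const denyUnless = {
  decision: 'deny-unless',
  check: (user, ritm) => ritm.item !== ITEM || inGroup(user),
};

function canRead(acls, user, ritm) {
  // Failing any Deny-Unless ACL denies access regardless of other ACLs.
  const blocked = acls
    .filter((acl) => acl.decision === 'deny-unless')
    .some((acl) => !acl.check(user, ritm));
  if (blocked) return false;
  // Passing Deny-Unless grants nothing: one Allow-If ACL must still pass.
  return acls
    .filter((acl) => acl.decision === 'allow-if')
    .some((acl) => acl.check(user, ritm));
}

const outsider = { name: 'requester', groups: [] };
const member = { name: 'fulfiller', groups: [GROUP] };
const restricted = { item: ITEM };
const other = { item: 'Other item' };

function demo() {
  return {
    allowIfOnly: canRead([baseline, attempted], outsider, restricted),
    denyUnlessOutsider: canRead([baseline, denyUnless], outsider, restricted),
    denyUnlessMember: canRead([baseline, denyUnless], member, restricted),
    denyUnlessOtherItem: canRead([baseline, denyUnless], outsider, other),
  };
}

console.log(demo());
```

In this model the attempted Allow-If ACL changes nothing because the baseline ACL already passes for every user; only the Deny-Unless ACL removes access for users outside the group.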