Restrict read access to RITM variable content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2024 02:19 AM
Hi, I have a requirement to restrict read access to one catalog item's variable contents. The catalog item needs to remain open for all users to write/complete & submit.
Once logged/completed, we need the variable contents to be only visible to one specific itil group.
So far, using business rules to accomplish this has resulted in the catalog item variables disappearing for users who need to log the REQ, so not a suitable result. I believe the way to go is to use ACLs, however attempting to use ACLs has so far not worked for me, I've found the variables/variable contents aren't restricted.
Do I need to find the 'parent' AC that overall allows read access to all RITM variables, and amend it to exclude this one catalog item, or does my Access Control need some work/scripting?
The ACL I attempted:
Condition 1 - Item is '********'
Security Attribute Condition - Group is '**********'
I also tried:
Condition 1 - Item is '********'
Security Attribute Condition - Group Explicit is '**********'
- Labels:
-
Service Catalog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-21-2024 02:05 AM
Hi @admin111678 as above, I resolved this with a new role and then used an on load script in Catalog Client Script to restrict the variables I needed to in the back-end, selecting 'Applies on Requested Items' and 'Applies on Catalog Tasks'.
I also linked the role to the group that it applies to, to ensure any new members to the group get the role added automatically and aren't missed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2024 07:47 AM
With the Xanadu release, the requirement can be delivered without a custom role and with a single Deny-Unless ACL
