Only allow admins to delete records, on all tables.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-06-2024 07:38 AM
Hey all,
My aim is to prevent all users, but admins, from deleting records on all tables. We don't want any mistakes to happen with the deletion of records.
For that purpose, I created a "general ACL" (*) that gives access to only admins to DELETE operations. The problem is that we have specific ACLs on all tables which triumph over the general one. Can I override these ACLs? Can I disable them using a script (because I don't want to go into each and every table separately)?
Does anyone have an idea on how to solve this issue? Or maybe explain on why it is not the best way to achieve our target?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-07-2024 07:37 AM
Are you giving anybody ITIL_admin role? If not that should remove delete for a good portion of the tables. Yes ACLs are on a table. You can try putting the ACL on the parent table IE Task table for all the task type table (incident, request_item, change, problem, etc.).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-09-2024 12:51 AM
Thank you,
We can remove the ITIL_admin role but that wouldn't be enough for us.
Parent table ACLs are an interesting direction, but that's also limited as you mentioned.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-09-2024 01:26 PM
What tables are you seeing the ability to delete on? OOB there are not many tables that I can think of where someone other then admin would have the ability to Delete unless they have a role like itil_admin. Otherwise you have 2 option update the Delete ACL so the only role is admin on every table or try finding the parent table and put a delete acl there.