Only allow admins to delete records, on all tables.

RoniRan01111
Tera Contributor

Hey all,

My aim is to prevent all users, but admins, from deleting records on all tables. We don't want any mistakes to happen with the deletion of records.
For that purpose, I created a "general ACL" (*) that gives access to only admins to DELETE operations. The problem is that we have specific ACLs on all tables which triumph over the general one. Can I override these ACLs? Can I disable them using a script (because I don't want to go into each and every table separately)?

Does anyone have an idea on how to solve this issue? Or maybe explain on why it is not the best way to achieve our target?

7 REPLIES 7

Are you giving anybody ITIL_admin role? If not that should remove delete for a good portion of the tables. Yes ACLs are on a table. You can try putting the ACL on the parent table IE Task table for all the task type table (incident, request_item, change, problem, etc.). 

Thank you,

We can remove the ITIL_admin role but that wouldn't be enough for us.
Parent table ACLs are an interesting direction, but that's also limited as you mentioned.

What tables are you seeing the ability to delete on? OOB there are not many tables that I can think of where someone other then admin would have the ability to Delete unless they have a role like itil_admin. Otherwise you have 2 option update the Delete ACL so the only role is admin on every table or try finding the parent table and put a delete acl there.