LeanIX not writing into the cmdb_ci_business_capability table

Go to solution
DeIvory Gordon
Tera Guru

‎07-03-2024 06:13 AM

We have a current user that does not have permission to write to table [cmdb_ci_business_capability]. They require [CREATE, UPDATE] permissions.  As a _svc_LeanIX user, they should be able to write to cmdb_ci_business_capability.      I am not sure how to accomplish this request. I went to the cmdb_ci_business_capability table and to the "Application Access" tab, I was going to select "Can create" and "Can update", but I was told that this is the one that needs a Write ACL and that ACL assigned to a Role.  Can you explain simply how I give a user permission to write to the [cmdb_ci_business_capability] table.

Preview file
83 KB
0 Helpfuls
  • 577 Views
1 ACCEPTED SOLUTION

Go to solution
Akash4
Kilo Sage
Kilo Sage

‎10-15-2024 04:41 AM

Hi Delvory,

1. OOB there is only 1 Field level ACL as shown below (expecting there are no customized ACLs or BRs written in your instance here)

Akash4_0-1728992107881.png

2. The rest of the access control are driven from Parent table (cmdb_ci).

As a first step, you can verify these by typing -  "cmdb_ci_business_capability.config" in application navigator > verify the roles for each of the parent records for WRITE access (shown below has 4 OOB ACLs)

Akash4_2-1728992232239.png

3. These ACLs have access for roles - sn_cmdb_editor, certification, asset, itil, sn_change_write. You can give one of these roles to your target user profile to have WRITE access to this table.

4. If not possible, then as a last step you may create a new ACL mimicking one of the above ACLs > Create ACL > Type: Record, Operation: Write, (for Xanadu version - Decision: Allow if), Name: cmdb_ci_business_capability and under Role > provide a role of your interest. 

 

Regards, Akash
If my response proves useful, please mark it "Accept as Solution" and "Helpful". This action benefits both the community and me.

View solution in original post

1 REPLY 1

Go to solution
Akash4
Kilo Sage
Kilo Sage

‎10-15-2024 04:41 AM

Hi Delvory,

1. OOB there is only 1 Field level ACL as shown below (expecting there are no customized ACLs or BRs written in your instance here)

Akash4_0-1728992107881.png

2. The rest of the access control are driven from Parent table (cmdb_ci).

As a first step, you can verify these by typing -  "cmdb_ci_business_capability.config" in application navigator > verify the roles for each of the parent records for WRITE access (shown below has 4 OOB ACLs)

Akash4_2-1728992232239.png

3. These ACLs have access for roles - sn_cmdb_editor, certification, asset, itil, sn_change_write. You can give one of these roles to your target user profile to have WRITE access to this table.

4. If not possible, then as a last step you may create a new ACL mimicking one of the above ACLs > Create ACL > Type: Record, Operation: Write, (for Xanadu version - Decision: Allow if), Name: cmdb_ci_business_capability and under Role > provide a role of your interest. 

 

Regards, Akash
If my response proves useful, please mark it "Accept as Solution" and "Helpful". This action benefits both the community and me.