Restrict permissions for CMDB model [Updated in Security Center 1.3 and 1.5]
Use the csm_cmdb_model.customer_visible_flag system property to limit customer access to data in the Product Models table as an additional access control to the CMDB model.
Set the csm_cmdb_model.customer_visible_flag property to true to enable the Customer Visible field for the tables listed below:
- Product Models table [cmdb_model]
- Software Models table [cmdb_software_product_model]
- Application Models table [cmdb_application_product_model]
- Consumable Models table [cmdb_consumable_product_model]
- Facility Models table [cmdb_facility_product_model]
- Hardware Models table [cmdb_hardware_product_model]
Setting this property as true hides all cmdb_model values by default.
Set the property to false to not consider the customer_visible column/atrribute on the cmdb_model table and to rely on the bases cmdb_model ACLs which are accessible to sn_esm_user.
More information
| Attribute | Description |
|---|---|
| Property name | csm_cmdb_model.customer_visible_flag |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Access control |
| Purpose | When set to tuetrue, the system uses the setting in the Customer Visible field to determine access to product model data on the Customer Service Portal. |
| Recommended value | true |
| Default value | false |
| Configuration type | Boolean |
| Security risk | (Moderate) Any user with the sn_esm_user role and out of the box ACLs could
have permissions to the CMDB model. Note: this role tends to be granted to external
users. External users could unwillingly be given permissions to the CMDB
model. |
| References | Limit access to product model data on the Customer Service Portal |
To learn more about adding or creating a system property, see Add a system property.