CI Permissions

CI Permissions

Most of the settings manage permission to different tabs in CI forms and then controls user permissions to view or edit the listed CIs.

At the top of the CI Entity permission items there is a set of selections having special functions. Those settings insert filters which CIs should be visible in the list, which users should be selectable and which properties should be possible to change for users connected to the role. Some of those settings overrides other settings. Resulted permission is always highest possible. In this cases some other settings sometimes has no impact on the result, e g if you have permission to view all CIs in your organization, setting for own CIs has no effect (they are always shown because they belong to your organization, etc). Alternatives are:

•   View all CIs: All CIs in the system is displayed in the list. If this selection is enabled next four settings are overridden.

•   View CIs owned by own organization: Only CIs having property Owned by (Organization) value same as the organization the user belongs to is displayed in the list.

•   View CIs used by own organization: Only CIs where property Used by value is a user belonging to the same organization as the current user is displayed in the list.

•   View CIs managed by own organization: Only CIs where property Managed by value is a user belonging to the same organization as the current user is displayed in the list.

•   View own CIs (used or managed): Only CIs where property Used by or Managed by is the current user is displayed in the list.

•   All users available as Used by: If this option is enabled all users can be selected for CI property Used by. If this is enabled the next setting below has no effect.

•   Only users from own organization available as Used by: This option filters dropdown and popup for property Used by to contain only users belonging to the same organization as logged in user.

•   All users available as Managed by: If this option is enabled all users can be selected for CI property Managed by. If this is enabled the next setting below has no effect.

•   Only users from own organization available as Managed by: This option filters dropdown and popup for property Managed by to contain only users belonging to the same organization as logged in user.

•   Read and change all fields in CI: When edit a CI user has permission to change all CI fields. User must have Edit permission enabled to be able to edit CIs. If this is enabled the next setting is overridden.

•   Read all fields, change only selected fields in CI: When edit a CI user has permission to change only fields that have been defined by the system administrator. User must have Edit permission enabled to be able to edit CIs.

Selected fields is possible to specify only via DB store procedure. Example:

exec [app].[AddCiSelectedFields] @staticFields = 'Name,Description,ThirdFields' ,@dynamicFields = 'CustomFieldName1,CustomFieldName2,CustomFiledName3'

In this script staticFields are properties on root level (common for all CI Types) and dynamicFields are all other properties (in CI subtypes, both standard and custom properties).

Names of staticFields you find in database in app.Columns table, column Name. For dynamicFields you find names in table cmdb.CiTypeProperties, column Name.

List of default properties for each type is shown in Default properties for all CI types..