Does iTop 2.0 have the ability to limit users to view certain CI's only. I understand currently that users can be limited to see certain Organizations, but i wish to expand this to also include the CI's.
Is this possible?
Kind Regards
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This is something I need as well, basically I want to edit the Access Matrix. I've created a new CI, and am using the existing profiles, but want only the Admin's to be able to view this new CI. I cant find this matrix in any mySQL table.
How can I restrict who view the properties of a CI?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well my request is slightly more complicated. I want a user to see a CI but not some of a certain name i.e. all users can see the CI 'Server' but only some users can see the Server labelled 'Test1' whilst the others cant.
Thanks @jitsobullet, I did see and consider that. However this would mean having to duplicate every single pre-existing profile type, and not use the ones that came with iTop.
This seems like overkill. I want to use the existing profiles, I just don't want any of them (accept admin, possible one other) to have READ access to a CI type.
Is it truly not possible in iTop to change the access matrix of the existing profiles? Where is this information stored?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@Curtis - tried looking at \CMDB\web\env-production\itop-profiles-itil\model.itop-profiles-itil.php. You should be able to overwrite all originals from there.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I went through that file in detail before. My new CI's don't show up in there. I even tried adding to the $aGRANTS array. However, I did some more trial and figured out it can/does work! My class is called "ServiceAccount", and adding this to the $aGRANT array seems to have the effect that I want, which is to allow only admins to see this object:
No, that I found a "solution" to my problem after hyjacking this thread, can anyone help jitsobullet? He wants some user to not have access to some specific CI's. His example is that all users could see most Servers, but there may be some specific servers thatthey cant see.
@jitsobullet - This may introduce other issues, but one possible way would be to created a new class that is the same in every way possible, such as "RestrictedServer", and then hack itop-profiles-itil\model.itop-profiles-itil.php to remove read form all except desired groups.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As a matter of fact, i was actually thinking about the same solution as you have mentioned above, but this is just extra work in my opinion. Would rather have a single CI but yeh i may do the above if worst comes to worst.
Cheers!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi All,
Does iTop 2.0 have the ability to limit users to view certain CI's only. I understand currently that users can be limited to see certain Organizations, but i wish to expand this to also include the CI's.
Is this possible?
Kind Regards
This is something I need as well, basically I want to edit the Access Matrix. I've created a new CI, and am using the existing profiles, but want only the Admin's to be able to view this new CI. I cant find this matrix in any mySQL table.
How can I restrict who view the properties of a CI?
Well my request is slightly more complicated. I want a user to see a CI but not some of a certain name i.e. all users can see the CI 'Server' but only some users can see the Server labelled 'Test1' whilst the others cant.
@Curtis, your solution can be found here: http://www.combodo.com/wiki/doku.php?id=customization:add-profile-sample
Thanks @jitsobullet, I did see and consider that. However this would mean having to duplicate every single pre-existing profile type, and not use the ones that came with iTop.
This seems like overkill. I want to use the existing profiles, I just don't want any of them (accept admin, possible one other) to have READ access to a CI type.
Is it truly not possible in iTop to change the access matrix of the existing profiles? Where is this information stored?
UP!
@Curtis - tried looking at \CMDB\web\env-production\itop-profiles-itil\model.itop-profiles-itil.php. You should be able to overwrite all originals from there.
I went through that file in detail before. My new CI's don't show up in there. I even tried adding to the $aGRANTS array. However, I did some more trial and figured out it can/does work! My class is called "ServiceAccount", and adding this to the $aGRANT array seems to have the effect that I want, which is to allow only admins to see this object:
'1_ServiceAccount_r' => false,
'2_ServiceAccount_r' => false,
'3_ServiceAccount_r' => false,
'4_ServiceAccount_r' => false,
'5_ServiceAccount_r' => false,
'6_ServiceAccount_r' => false,
'7_ServiceAccount_r' => false,
'8_ServiceAccount_r' => false,
'9_ServiceAccount_r' => false,
'10_ServiceAccount_r' => false,
'11_ServiceAccount_r' => false,
'12_ServiceAccount_r' => false,
No, that I found a "solution" to my problem after hyjacking this thread, can anyone help jitsobullet? He wants some user to not have access to some specific CI's. His example is that all users could see most Servers, but there may be some specific servers thatthey cant see.
@jitsobullet - This may introduce other issues, but one possible way would be to created a new class that is the same in every way possible, such as "RestrictedServer", and then hack itop-profiles-itil\model.itop-profiles-itil.php to remove read form all except desired groups.
Thanks Curtis, i appreciate it.
As a matter of fact, i was actually thinking about the same solution as you have mentioned above, but this is just extra work in my opinion. Would rather have a single CI but yeh i may do the above if worst comes to worst.
Cheers!