Managing Access to some CIs Across Multiple Organizations

RubenS
2024-08-05
2024-08-06
  • RubenS

    RubenS - 2024-08-05

    Hello everyone,

    I am trying to create an extension that allows me to do the following, but I can't manage to get it working:
    I have a schema of organizations where I assign different CIs, and therefore I can limit users' access to the various CIs within these organizations.
    I have a group of CIs that we have created to manage the GoogleCloudPlatform infrastructure. These CIs are in different organizations.
    I want a group of people to have permissions over a single organization (so they can read all the CIs in this organization), and I also want them to have permissions over all the GoogleCloudPlatform CIs, regardless of the organization they are in, since they are the administrators of this infrastructure on the Google portal and it is important for me that they can see them.

    Is this possible?

    Thanks

     
  • Vincent @ Combodo

    Hi RubenS

    You may obtain what you are looking for without writing any iTop extension.

    Just put all shared CIs under a "GoogleCloudPlatform" organization, separated from the others.
    And for each person in a different organization who needs to access the shared CIs, give them the org "GoogleCloudPlatform" in their "Allowed Organizations" as well as their own organization.

     

    Last edit: Vincent @ Combodo 2024-08-06
  • RubenS

    RubenS - 2024-08-06

    Thank you for your response.
    Unfortunately, this does not solve my problem.
    Let me explain with an example:

    I have organizations A, B, and C.

    Each of these has two child organizations:
    A -> A1, A2
    B -> B1, B2
    C -> C1, C2

    Google Cloud assets are distributed across all the organizations, as well as other assets from Azure, AWS, OnPremise, etc. However, only team A2 is the technical administrator of all the GCP assets, regardless of which organization they belong to.
    I cannot consolidate all the Google assets into a single organization. What I want is to have them distributed across all organizations and for A2 to be able to see all of them, but only the Google assets and not the Azure, AWS, etc.

    Thank you.

     

    Last edit: RubenS 2024-08-06
  • Vincent @ Combodo

    This might be achieved with this Combodo customer-restricted extension.
    Also, it only allows read access; it won't let your A2 guys modify Google assets.

    Another strategy is to use the field "org_id" to model the silo (because this is the way iTop is designed) and create another field "owner_org_id" on Functional CI to represent a different notion of organization, which would not be used to control access rights.

     
  • RubenS

    RubenS - 2024-08-06

    By adding an "owner_org_id" field, could I grant read permissions for these assets to people who do not belong to their "org_id"?

    Thank you for your response.

     
