Hi Brian, I didn't sufficiently explain;we have thousands of customer companies and only one operating company (we are company A, and we manage assets for thousands of other companies).
If the CIs were to be locked down for one company (for security/contractual reasons), in order to restrict some users from having visibility of one customer company, you would have to explicitly give them access to thousands of companies in orde to exclude access to that one specific customer company. This is where the multi tenancy model completely fails - it just doesn't work that well in such circumstances. Hence me wanting to amend the "Unrestricted Access" value in CMDBRowLevelSecurity to be a new permissions group so that we can allow only certain users access to these CIs. Regards Dave On Mon, 22 Jul 2019 at 13:13, Brian Pancia <[email protected]> wrote: > Without a better understanding of the company structure and the rhyme and > reason behind it, it is difficult to give a recommendation. > > > > Why would you setup 100’s of companies, assign a bunch of users > unrestricted, and then not want to have multi tenancy setup? These all > contradict each other. The fact you have multiple companies means the > system is setup for multi tenancy. Giving everyone Unrestricted Access > essentially negates the multi tenancy you setup. This is a common setup I > have seen but a very bad one. If you want to give everyone unrestricted > access, just have one company. Unrestricted Access is set at field 1 level > and not at field 112. I would recommend setting up your permission > groups/companies properly and removing unrestricted access from everyone. > Why put unnecessary customizations in place because the system is not setup > properly? Unrestricted access should be reserved for special users like > admins and system owners. > > > > V/R, > > > > Brian > > > > > > > > *From:* ARSList <[email protected]> *On Behalf Of *Dave Barber > *Sent:* Monday, July 22, 2019 4:58 AM > *To:* ARSList <[email protected]> > *Subject:* Atrium and field 112 > > > > All, > > > > This is on ARS 9.1.02. > > > > We have a range of users making use of both Atrium and Change Management. > We have a range of CIs uploaded against a large number of compaies, and > users have always been given unrestricted access. > > > > A recent requirement has involved us wanting to restrict visibility of > some CIs to specific users. Multi tenancy would not be viable (as there > are hundreds of companies within our system), so I had thought that > replacing the value for "Unrestricted Access" in field 112 in Base Element > for the relevant CIs with another permissions group, and adding that > permissions group to the required users would have the desired effect. It > does not work - profiles without the new permissions group can still see > the "locked down" CIs. > > > > Has anyone else implemented anything along these lines? > > > > Regards > > > > Dave Barber > DISCLAIMER: The information contained in this e-mail and its attachments > contain confidential information belonging to the sender, which is legally > privileged. The information is intended only for the use of the > recipient(s) named above. If you are not the intended recipient, you are > notified that any disclosure, copying, distribution or action in reliance > upon the contents of the information transmitted is strictly prohibited. If > you have received this information in error, please delete it immediately. > -- > ARSList mailing list > [email protected] > https://mailman.rrr.se/cgi/listinfo/arslist >
-- ARSList mailing list [email protected] https://mailman.rrr.se/cgi/listinfo/arslist
