Hi, CMDBRowLevelSecurity, CMDBWriteSecurity nad DefaultAccountPermissions can be used only to set permission for whole record. On the attributes level, Class Manager (and cmdbdriver) are available (assuming you have defined set of permissions, not dynamic one).
If you have lots of attributes to customize then cmdbdriver seems to be a tool worth looking at. It can take a script as an input (command: ex). So if you have a dataset (e.g. db table) with attributes and required permissions you can generate such a script using perl/sql/copy&paste/whatever you prefer. Regards, Ark 2013/4/8 Francois Seegers <[email protected]> > ** > > Is the Class Manager the only place to do the per attribute level access? > > > > *From:* Francois Seegers > *Sent:* Monday, April 08, 2013 8:34 PM > *To:* [email protected] > *Subject:* Atrium CMDB: Attribute Security per Group/Role > > > > Hi All, > > > > Is there a way to only allow certain roles/groups to update certain > attributes in the CMDB and AST:Attributes table? I understand there are > the following class and attributes to define row level security (read & > write) but how can one accomplish this per attribute? > > > > character > > *CMDBRowLevelSecurity * > Attribute that specifies a list of permission groups that have read-only > access to the instance data. > > character > > *CMDBWriteSecurity * > Attribute that specifies a list of permission groups that have read/write > access to the instance data. > > > > *BMC.CORE.CONFIG:BMC_DefaultAccountPermissions*** > > *Data type* > > *Name and description* > > character > > *AccountName * > Attribute that specifies the name of the account to which the instance > belongs. his attribute has no effect on default permissions. > > character > > *ASSIGNRowLevelSecurity * > Attribute that specifies the list of permission groups and roles that have > read-only access to the instances specified by the MATCH attributes. > > character > > *ASSIGNWriteSecurity * > Attribute that specifies the list of permission groups and roles that have > read/write access to the instances specified by the MATCH attributes. > > character > > *MATCHAccountID * > Attribute that specifies an account ID. When this account ID is matched in > a CI instance or a relationship instance and when the class IDs also match, > then groups in the ASSIGN attributes receive permission to the instance. To > match all account IDs, specify the value "default". > > character > > *MATCHAppliedToClassId * > Attribute that specifies a Class ID that, when matched in a configuration > item (CI) or relationship instance and when account ID is also matched, > causes the groups in the ASSIGN attributes to receive permissions on the > CI. To match all class IDs, enter "default." > > > > Hope my question make senseā¦ > > > > Thanks > > *Francois Seegers* > Email: [email protected] | Mobile: +27 (0)82 729 5273 > Blue Turtle Technologies > > [image: http://www.blueturtle.co.za/images/blue-turtle02.gif] > > > > ------------------------------ > > Blue Turtle Technologies (Pty) Limited | Reg. no.: 2003/002610/07 | > http://www.blueturtle.co.za > Gauteng : Tel: +27 (0)11 206 5600 | Fax: +27 (0)86 208 0237 | Midridge > Office Estate, International Business Gateway, cnr New Road & Sixth Street, > Midrand, 1685 | P O Box 31331, Kyalami, 1684 > Western Cape: Tel: +27 (0)87 721 1874 | Fax: +27 (0)21 552 7764 | Unit > E6, Century Square, Heron Crescent, Century City, Cape Town, 7446 > > DISCLAIMER: This email and any files transmitted with it are confidential > and are intended solely for the use of the individual or entity to whom > they are addressed. This communication represents the originator's personal > views and opinions, which do not necessarily reflect those of Blue Turtle > Technologies (Pty) Ltd. If you are not the original recipient or the person > responsible for delivering the email to the intended recipient, be advised > that you have received this email in error, and that any use, > dissemination, forwarding, printing, or copying of this email is strictly > prohibited. If you received this email in error, please immediately notify > the sender. Thank you. > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
