Asset Roles

Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭

Hi All,

I just wanted to discuss some issues I am seeing when trying to create a couple of Asset roles. We effectively want to have two roles:

  1. An "Analyst" role that includes READ ONLY access to Assets
  2. An "Asset Administrator" role that has READ/WRITE access to Assets


Problem 1: Asset Administrator Role

The Cireson guide on how to create the roles “User-Guide-Asset-Mgt-Security-Roles-2015-Q1.pdf” (attached) details the process for creating a “Master Asset Management” role based on the “Incident Resolvers” role.

This process involves creating the new Master Asset Management role based on the Incident Resolvers role and selecting only the appropriate views and tasks related to the components in the Cireson Asset Management Pack (and a couple of others).

The second part of this process involves running the “Cireson.AssetManagement.Permissions.exe” tool and applying the required permissions to edit assets to the base profile we based our “Asset Administrators” role on (Incident Resolvers if we follow the documentation). Performing this step will provide write access to all Cireson Asset Management components (as well as User CI’s) to not only our custom “Asset Administrator” role but since we have to select the base Incident Resolver profile, this base profile and any other current or future roles based off of it (including our Analyst role) will effectively be given write access to the above components.

I verified this by making changes to Asset and User CI properties (as an Analyst) after running the tool.

You can edit the “Analyst” role and remove the tick boxes next to the Cireson Asset Management Tasks but this will only remove the links from the “Tasks” pane. An Analyst can still view an asset and edit any of the fields.

The only thing I can think of (since we cannot use the permissions tool to select our custom role), is to select another “base profile” which we do not think we will use again for anything else (unless we want to also provide them with read/write access to assets). We think we will end up using most of the other roles so that does not appear to be a great solution however. The ideal solution would be the ability to run the permissions tool against only the custom role if that was somehow possible.

Problem 2: Analyst - Read Only Access to Hardware CI's on Cireson Portal

I also have a slight issue with READ ONLY Analyst role as well. Assuming we don’t make the above changes, the Analyst role has read only access to Cireson Assets out of the box.

Unfortunately the Analyst cannot see the Asset info in the Cireson Portal. On the Navigation settings screen, we can add in the Analyst group so that the required tabs are visible on the left hand screen. The Analyst can also see the “All Hardware Asset” grid view etc. Unfortunately though clicking on an Asset CI results in an “Access Denied” message as I believe only the “Asset Administrator” role (specified during the portal installation) is given access to Asset CI forms. This issue could probably be resolved by setting custom read permissions on the asset forms for our Analyst role if there is a way to do this.

I have also seen a script specified on this community site that tries to essentially create the roles I am trying to here. This script works by making fields read only on the from. However this can easily be circumvented by using the console or disabling the required JavaScript etc. I see this as useful in making the fields "greyed out" to make it clear that the form is read only, but the permissions I think, should be controlled by the underlying roles.  

I am wondering if anoyone else has defined similar roles and if so how they managed to address the issues I have described above.


Thanks,

Steve

Comments

  • Morten_Aulie_PettersMorten_Aulie_Petters Premier Partner IT Monkey ✭
    I am also looking for a "read only" role setup. But I want End Users to see Line Items where they are the Purchaser. Should be possible?
  • Marek_LefekMarek_Lefek Customer Advanced IT Monkey ✭✭✭

    Is there any information?

    I have also a problem with SR's with CI selection lists. There is also needed some rights to view the device list.

    Where I can download the

    Cireson.AssetManagement.Permissions.exe?

  • Julio_Sanchez-TiradoJulio_Sanchez-Tirado Customer IT Monkey ✭

    ...

    Problem 1: Asset Administrator Role

    The Cireson guide on how to create the roles “User-Guide-Asset-Mgt-Security-Roles-2015-Q1.pdf” (attached) details the process for creating a “Master Asset Management” role based on the “Incident Resolvers” role.

    ....

    I cannot find the mentioned attached attachement. For people strugling to find it (like me), here is the link:
    http://kb.cireson.com/wp-content/uploads/2015/03/User-Guide-Asset-Mgt-Security-Roles-2015-Q1.pdf

    Or click here


Sign In or Register to comment.