Permissions to view hardware assets online
German_Minicucci
Customer IT Monkey ✭
What permissions do I need to set so regular analysts can see the hardware asset form online? (I don't want them to edit anything, just to check that information)
0
Best Answer
-
Steve_Wright
Cireson Support Advanced IT Monkey ✭✭✭
Hi German,
In our Portal, the analysts will need to be a member of the AssetManagers group in order to see assets. While this will give them the same default out-of-box form, viewing and editing assets does depend on their SCSM user role permissionsIf you are looking for something like read-only forms, that will require some customization.
Thanks,
6
Answers
In our Portal, the analysts will need to be a member of the AssetManagers group in order to see assets. While this will give them the same default out-of-box form, viewing and editing assets does depend on their SCSM user role permissions
Thanks,
We also have a requirement to provide analysts with read-only access to hardware and software assets. This would be a great piece of functionality to add. I am looking into custom options for now..
https://community.cireson.com/discussion/772/am-portal-roles
Hi Joe. So far I have been very unsuccessful with implementing this in Portal v6.0.2.1.
I have:
1. Put the script into a subfolder of CustomSpace
2. Created an "Asset Manager Read" and "Asset Manager Read Write" group
3. Edited the two group names in the script to match above names
4. Am calling the script from Custom.css with $.getScript (have also tried puttin the script directly in the CustomSpace folder
5. Added both the above groups to the original AM AD group (specified during the install of the portal) and removed all other users from the orginal AD group.
6. Given the above groups (step 2) access to the Navigation Buttons through Navigation Settings on the portal. Have also removed the original AM AD group from the Navigation Settings.
7. Peformed IIS Reset, restarted the Cache Builder Service, sacraficed a goat, but still no luck. When the user with read only access gets to the form they can still edit and save changes to assets.
Can you see any obvious issues with the process I followed? (I tried to follow the ReadMe the best I could).
Thanks,
Steve
Actually debugging IE reveals:
/api/V3/User/GetUsersGroups/ = 404 Not Found
I have not tested it on v6 yet but will try it out latter this week.
Can you confirm your two new groups you created when synced to SCSM with your AD connector. And that the query below returns results :
Regards
Joe
Hi Joe,
Yes I can confirm the two groups were synced using the AD connector and the query returns the users in the group.
It looks like the script is unable to retrieve the users of the groups as the whole api/v3 area is missing from the site (not sure at what version of the portal this folder was removed).
====
//begin check to see if AM forms should be read-only
$.ajax({
url: "/api/V3/User/GetUsersGroups/" + userId,
====
Regards
Steve
Just wondering if Cireson has any guidance on creating a "read only" asset role in the console? To me it seems that someone could still access the console to make the changes after this process is followed or potentially even just block this script from running in the browser.
For the console you would need to create a scoped role removing what you dont want certain AM users to do.
See attached.