Home Analyst Portal

Permissions to view hardware assets online

German_MinicucciGerman_Minicucci Customer IT Monkey ✭
What permissions do I need to set so regular analysts can see the hardware asset form online? (I don't want them to edit anything, just to check that information)

Best Answer

Answers

  • German_MinicucciGerman_Minicucci Customer IT Monkey ✭
    I wish there was a better way, like having an End User view for the asset. The Service Desk usually needs to be able to see more details (like approved software installed) but limiting permissions at the hardware asset level complicated the Cache Builder sync for us in the past (amount of analysts multiplied by hardware assets).
  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭

    We also have a requirement to provide analysts with read-only access to hardware and software assets. This would be a great piece of functionality to add. I am looking into custom options for now..

  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    @Steve_Clarke & @German_Minicucci checkout the customization posted here for creating a portal asset manager read only role:
    https://community.cireson.com/discussion/772/am-portal-roles
  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭
    Thanks Joe. Testing as we speak :)
  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭

    Hi Joe. So far I have been very unsuccessful with implementing this in Portal v6.0.2.1.

    I have:

    1. Put the script into a subfolder of CustomSpace
    2. Created an "Asset Manager Read" and "Asset Manager Read Write" group 
    3. Edited the two group names in the script to match above names
    4. Am calling the script from Custom.css with $.getScript (have also tried puttin the script directly in the CustomSpace folder
    5. Added both the above groups to the original AM AD group (specified during the install of the portal) and removed all other users from the orginal AD group.
    6. Given the above groups (step 2) access to the Navigation Buttons through Navigation Settings on the portal. Have also removed the original AM AD group from the Navigation Settings.
    7. Peformed IIS Reset, restarted the Cache Builder Service, sacraficed a goat, but still no luck. When the user with read only access gets to the form they can still edit and save changes to assets. 

    Can you see any obvious issues with the process I followed? (I tried to follow the ReadMe the best I could).

    Thanks,

    Steve 

  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭

    Actually debugging IE reveals:

    /api/V3/User/GetUsersGroups/ = 404 Not Found

  • Tony_CollettTony_Collett Cireson Support Super IT Monkey ✭✭✭✭✭
    It appears the script was developed before version 6 of the portal. It may not be compatible with the latest version of the portal. You can contact the script maker to find out if it's going to be updated for the recent version
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Hi Steve

    I have not tested it on v6 yet but will try it out latter this week.

    Can you confirm your two new groups you created when synced to SCSM with your AD connector. And that the query below returns results :
    SELECT U.UserName FROM CI$User U 
    INNER JOIN GroupMembership_CI$DomainGroup_CI$User GM ON GM.UserId = U.Id
    INNER JOIN CI$DomainGroup DG ON GM.DomainGroupId = DG.Id
    WHERE DG.UserName = 'Asset Manager Read'

    Regards
    Joe
  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭

    Hi Joe,

    Yes I can confirm the two groups were synced using the AD connector and the query returns the users in the group.

    It looks like the script is unable to retrieve the users of the groups as the whole api/v3 area is missing from the site (not sure at what version of the portal this folder was removed).

    ====

     //begin check to see if AM forms should be read-only
     $.ajax({
      url: "/api/V3/User/GetUsersGroups/" + userId,

    ====

    Regards
    Steve

  • Steve_ClarkeSteve_Clarke Customer Adept IT Monkey ✭✭
    I can see some scripts still accessing /api/v3 etc.. and succeeding so it must be doing some redirection under the hood.

    Just wondering if Cireson has any guidance on creating a "read only" asset role in the console? To me it seems that someone could still access the console to make the changes after this process is followed or potentially even just block this script from running in the browser.
  • Joe_BurrowsJoe_Burrows Cireson Devops Super IT Monkey ✭✭✭✭✭
    Thanks Steve, ill see if I can prompt the creators to update that script for v6 support.

    For the console you would need to create a scoped role removing what you dont want certain AM users to do.

    See attached.
Sign In or Register to comment.