Limit Permissions to the specific Role for CI/Accounts/Properties

Idea ID 1662701

Limit Permissions to the specific Role for CI/Accounts/Properties

The way it currently works in 10.x is if you assign the Manage Configuration Items capability to any role they are able to modify any CI that belongs to any role.  We have many groups in our organization that need to be able to modify their own System accounts and system properties but ONLY those that apply to their own role.  They should NOT be able to modify CIs that belong to other roles.

This new version takes away much of the granularity that existed in 9.x and does not account for what could be considered multi-tenancy.  Meaning so many of the capabilities you can apply are ALL or NOTHING for all roles.

It needs to be changed so that any capability you add to a role is only functional or applies to that specifics role content, CIs, and any other related aspects.  This is turning into an administration nightmare having to manage all the different components for over 50+ teams we have using the tool! The problem is if we add Manage Configuration Items to one role they are then able to make changes to any of the items that do not apply to their content and we cannot have Team A being able to modify Team Bs content/items and vice versa.

Please investigate and see what can be done as a solution to this issue. 

5 Comments
Outstanding Contributor.
Outstanding Contributor.
Status changed to: Waiting for Votes
 
Micro Focus Expert
Micro Focus Expert

I'm facing same limitation on my current customer.

Is needed to restrict at role level which CIs (System Properties and System Accounts) can be view and edit. Probably best option is to restrict at CI folder level, and include inherit option.

Micro Focus Expert
Micro Focus Expert

If is possible to edit Idea title, I'll add "CI", or "System Property" to it. so others can understand much better from all the ideas list/summary.

Valued Contributor.
Valued Contributor.

Hello,

Just thinking there has to be more customers in the same situation. This new version is making ADMIN overhead a nightmare and requiring us to spend a significant amount of increased time manging all these little bits that should be handled by the different groups increasing our workload and not allowing us to actually create automation.

Valued Contributor.
Valued Contributor.

Checking status.

The deeper we get into the new version the more issues like this we are finding and more and more time is being taken from us trying to manage it.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.