[Date Prev] [Date Next] [Prev in Thread] [Next in Thread] [Date Index] [Thread Index]

Re: Atrium and field 112

Hi Brian,

I didn't sufficiently explain;we have thousands of customer companies and only one operating company (we are company A, and we manage assets for thousands of other companies).

If the CIs were to be locked down for one company (for security/contractual reasons), in order to restrict some users from having visibility of one customer company, you would have to explicitly give them access to thousands of companies in orde to exclude access to that one specific customer company.  This is where the multi tenancy model completely fails - it just doesn't work that well in such circumstances.

Hence me wanting to amend the "Unrestricted Access" value in CMDBRowLevelSecurity to be a new permissions group so that we can allow only certain users access to these CIs.



On Mon, 22 Jul 2019 at 13:13, Brian Pancia <panciab@finityit.com> wrote:

Without a better understanding of the company structure and the rhyme and reason behind it, it is difficult to give a recommendation.


Why would you setup 100’s of companies, assign a bunch of users unrestricted, and then not want to have multi tenancy setup?  These all contradict each other.  The fact you have multiple companies means the system is setup for multi tenancy.  Giving everyone Unrestricted Access essentially negates the multi tenancy you setup.  This is a common setup I have seen but a very bad one.  If you want to give everyone unrestricted access, just have one company.  Unrestricted Access is set at field 1 level and not at field 112.  I would recommend setting up your permission groups/companies properly and removing unrestricted access from everyone.  Why put unnecessary customizations in place because the system is not setup properly?  Unrestricted access should be reserved for special users like admins and system owners.








From: ARSList <arslist-bounces@arslist.org> On Behalf Of Dave Barber
Sent: Monday, July 22, 2019 4:58 AM
To: ARSList <arslist@arslist.org>
Subject: Atrium and field 112




This is on ARS 9.1.02.


We have a range of users making use of both Atrium and Change Management.  We have a range of CIs uploaded against a large number of compaies, and users have always been given unrestricted access.


A recent requirement has involved us wanting to restrict visibility of some CIs to specific users.  Multi tenancy would not be viable (as there are hundreds of companies within our system), so I had thought that replacing the value for "Unrestricted Access" in field 112 in Base Element for the relevant CIs with another permissions group, and adding that permissions group to the required users would have the desired effect.  It does not work - profiles without the new permissions group can still see the "locked down" CIs.


Has anyone else implemented anything along these lines?




Dave Barber

DISCLAIMER: The information contained in this e-mail and its attachments contain confidential information belonging to the sender, which is legally privileged. The information is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are notified that any disclosure, copying, distribution or action in reliance upon the contents of the information transmitted is strictly prohibited. If you have received this information in error, please delete it immediately.
ARSList mailing list