Creating normalization rules to set row-level permissions

This feature sets row-level permissions (read and write) for specified classes and, along with AR System qualifications specific instances. For more information, see Normalization-and-instance-permissions.

Before you begin

In the Dataset Configurations page, you must select a required data set and enable the Instance feature so that the Normalization Engine can apply the row-level permission rules to the selected data set. For more information, see Configuring-normalization-settings-for-datasets.

To create a normalization rule for row-level permissions

On CMDB Portal, click Configurations.
From the list, select Manage Normalization Rules > Features.
Click the Row Level Security tab.
To create a new row-level security rule, click icon.
In the Create Row Level Security Rule page, configure the following parameters.

Row-level security1.png

Parameters	Description
Rule Name (required)	Enter a unique, descriptive name for the rule.
Active	Click to activate the rule so that the Normalization Engine can apply the rule on the data sets.
Precedence	Enter a value to determine the rule's execution order. The value can be 0 to 9999999, both inclusive, with higher numbers determining a higher priority. If more than one rule applies to an instance, the Normalization Engine applies the rules sequentially from the highest precedence value to the lowest, until a match is found.
CI	(Optional) If you click this option, the rule applies to CIs. Configure the following parameters: Class Name (required) — Select the CI class name for which the rule is applicable. Qualifier (required) — Enter the qualification rule for the selected class, or to build the rule using the Qualification Builder, click . For information about using the Qualification Builder, see Using-the-Qualification-Builder.
Relationship	(Optional) If you click this option, the rule applies to Relationships. Configure the following parameters: Class Name (required) — Select the relationship class name for which the rule applies. Source Class Name (required) — Select the parent class in the relationship. Destination Class Name (required) — Select the child class in the relationship. Qualifier, Source Qualifier, Destination Qualifier (required) — For each of these three parameters, enter the qualification rule for the class, source class, and destination class respectively. Alternatively, you can click and build the rule for each qualifier using the Qualification Builder. For information about using the Qualification Builder, see Using-the-Qualification-Builder.
Row Permission	For each user group, such as Administrator, AI Admin Group, and so on, select the View and Change check boxes to enable or disable the read and write permissions.

6. Click Save.

The rule is available for normalization.

To edit a row-level security rule

On CMDB Portal, click Configurations.
From the list, click Manage Normalization Rules > Features.
Click the Row Level Security tab.
Select a row level security rule that you want to edit, and click .
On the Edit Row Level Security Rule page, modify the fields as per the steps in the preceding procedure.
Click Save.

To delete a row-level security rule

On CMDB Portal, click Configurations.
From the list, click Manage Normalization Rules > Features.
Click the Row Level Security tab.
Select the row level security rule you want to delete, and click .
In the Delete row level security Rule dialog box, click OK, to confirm the deletion.

To enable or disable row-level security for a data set

On CMDB Portal, click Configurations.
From the list, click Manage Normalization Rules > Dataset Configurations.
On the Dataset Configurations page, select the data set for which you want to enable or disable the row level security rule, and click .
Important
Only rules that are active are executed.
On the All Datasets Configurations page, Supported Features section, select or clear the Instance check box to enable or disable the feature.

5. Click Save to apply the change.