Normalization and instance permissions


You can use the Normalization Engine to set the row-level permissions for specified classes and, with AR System qualifications, specific instances.

To use the Normalization Engine for instance permissions, you must complete the following steps:

  1. Define the rules for setting the row-level permissions. (See "Creating normalization rules to set row-level permissions".)
  2. For each data set, enable the Row-Level Security feature. (See "Configuring normalization settings for datasets".)

In addition to the CMDB Data View and CMDB Data Change roles, users must also have row-level access to instances. Each class has two attributes that specify users with read and write access to the class instances.


  • CMDBRowLevelSecurity — Users who are members of a group with row-level access have permission to view the instance if they also have the CMDB Data View or CMDB Data Change role.
  • CMDBWriteSecurity — Users who are members of a group with write access have permission to modify the instance if they also have row-level access and the CMDB Data Viewer role. This permission gives a user write access to a specific instance without giving write access to all instances with one of the CMDB Data Change roles.
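
The following sketch models the two rules above as an access check that can be used when reviewing who ends up with view or modify rights on an instance. It is an added example, not BMC code: the `User` and `Instance` types, the group names and the sample data are constructed. It assumes that "CMDB Data Viewer" in the write rule means the CMDB Data View role, and that a CMDB Data Change role plus row-level access is enough to modify.

```python
from dataclasses import dataclass, field

VIEW_ROLE = "CMDB Data View"      # role names as given on this page
CHANGE_ROLE = "CMDB Data Change"


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)


@dataclass
class Instance:
    name: str
    row_level_security: set  # groups listed in CMDBRowLevelSecurity
    write_security: set      # groups listed in CMDBWriteSecurity


def can_view(user, inst):
    # A role alone is not enough: the user also needs row-level access.
    has_role = bool(user.roles & {VIEW_ROLE, CHANGE_ROLE})
    return has_role and bool(user.groups & inst.row_level_security)


def can_modify(user, inst):
    if not can_view(user, inst):
        return False  # write-group membership without row-level access grants nothing
    if CHANGE_ROLE in user.roles:
        return True   # assumption: Change role covers every instance the user can see
    return bool(user.groups & inst.write_security)  # per-instance write for View users


def audit(users, inst):
    """Return {user name: 'none' | 'view' | 'modify'} for one instance."""
    return {
        u.name: "modify" if can_modify(u, inst) else "view" if can_view(u, inst) else "none"
        for u in users
    }


# Constructed sample data.
SERVER = Instance("server-01", {"DC-East-Ops"}, {"DC-East-Admins"})
USERS = [
    User("alice", {VIEW_ROLE}, {"DC-East-Ops", "DC-East-Admins"}),
    User("bob", {VIEW_ROLE}, {"DC-East-Ops"}),
    User("carol", {CHANGE_ROLE}, {"DC-East-Ops"}),
    User("dave", {VIEW_ROLE}, {"DC-East-Admins"}),
    User("erin", set(), {"DC-East-Ops", "DC-East-Admins"}),
]

if __name__ == "__main__":
    print(audit(USERS, SERVER))
```
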

You can define groups for the following permissions:

  • View — Members of these groups and roles can view the attribute in the class form, but cannot modify its value.
  • Change — Members of these groups and roles can view and modify the attribute value.
