CA Service Management

Hi, I would like to create a constraint on the ca_owned_resource table to restrict viewing of a CI based on a specific group

Roger,

I see you also opened a Support case on this question. You can create a data partition constraint against the "ca_owned_resources" table (it's in the list of tables when you create a data partition constraint). You can make the constraint a "View" constraint. Note that a constraint specifies what they CAN do, if you want the reverse the constraint needs to be a "NOT" constraint.

For example, if you wanted this particular group to be unable to see any CI with the name "Server" in it you can create a view constraint like:

name NOT LIKE '%server%'

Hey Alex,

            Thanks for the response.  I need to block from view certain CI’s based on the group the logged in user is not a part of.

Hi Roger,

I dont think you can do this by group unless there is a group on the CIs that you want to restrict, and the users you want to allow to see those CIs are members of that group.  The reason is because you cannot cross objects in a data partition constraint, but rather you can only specify who can see the data based on an attribute of that data.  For example, for a ticket, if it has a certain group on it, you can specify to only allow users who are in that ticket's group to view that ticket.  But what you are trying to do is restrict view to one object (CIs) based on the user having an attribute of another object (Groups), which may or may not be tied to those CIs.  So this would only work if the CIs had a group and you want to restrict it to members of that group.

Hope this helps a bit.

Jon I.