I'll check on a VM (still no coffee this morning so I'm no use ) but did you check "row level security" system (read/write) for the CI?
CMDBRowLevelSecurity—Only users who are members of a group listed in
the CMDBRowLevelSecurity attribute have permission to view the instance.
CMDBWriteSecurity—To modify the instance, users must be a member of a
group listed in the CMDBWriteSecurity attribute, and also have row-level
Check "BMC Remedy IT Service Management Suite 7.6.00 Guide to Multi-Tenancy" perhaps it'll help.
Many thanks for your reply - and I hope you got in the meantime your coffee :-)
Yes, I tried to modify the content of the fields CMDBRowLevelSecurity and CMDBWriteSecurity. But when you remove some values and you save the record, "Unrestricted Access" is added automtically again.
In Asset Management the access permission seems to be only limited by the Company field. So everyone who is member of a company (with the corresponding application licenses/permissions) has view permission for all CIs/Assets of a company. With the Asset Admin role/managed by role you can additionaly give write permissions. But I found no way to limit the view permissions within a company.
I don't know if I can help. I work on Remedy 7.1.
It is correct that unrestricted access is filled in the CMDB Rowl Level Security field. It should work that way. But you don't have to give your users that permission. It is enough to give them Company restricted access. Then they have visible permission to all assets with their Company. If you don't want them to see some assets you have to change asset Company or maybe leave it empty. As I know Company value automatically add company permission to row level security.
I tried using a Group ID in the RowLevelSecurity field, and it is working fine. But the issue i am facing is the instance is not editable, all fields are read-only.
I have given the same Group ID in the WriteLevelSecurity of the instance.
The user who is part of this group has Asset User permission. Am i missing on something??
Group ID in the WriteLevelSecurity should give editable permission to User who is this group member.
I don't know what you can do wrong.
In my Asset Management I do it that way:
1. Add Users to Support Group as a member and add them Floating (or Fixed) licence, Asset User permissions (Floating /or Fixed).
2. On Asset form, on the People tab I add user Support Group with "Managed by" or "Supported by" role with Access Permitted = "Yes" (this should add Group ID to WriteLevelSecurity field)
Then people who are members of this Support Group can edit assets records.
As I can remember (don't want check now) there is some OOTB workflow, which is cleaning permissions to asset (guess on modify action). That is why I use AssetPeople record to add/remove writable permission to assets. I have built AIE process which adds and removes AssetPeople records and it runs OOTB updating permission workflow
How about clearing Default Company in Asset Management Advanced Option and then use a custom Normalization feature to set the Company to the default instead. I tried this for BMC_IPENDPOINT in 8.1 so all IP CI's have a blank Company.and appears to work but I don't know what other bad things might happen.
BTW - I also used a Normalization Row Level rule for IP CI's so that Asset Admins have access.