6 Replies Latest reply on Jul 8, 2009 8:21 AM by Danny Van Ursel

    Do not apply default full access when creating an object



      I'm relatively new to Bladelogic and i've got a question (we're using 7.5):

      I've created an ACL template which contains only an ACL policy. The ACL Template is defined as the Object permission template of my Developer Role.

      The Developer role only has BLPackage.Create, .Delete, .Modify, .ModifyProperties, .Read.


      When I create a new BLPackage full access rights are given for my Developer role (the userguide page 173 tells me this is normal). Is it possible to disable this behaviour? I would like to control these right myself. (I'd like to exclude the ModifyACL rights)


      My second idea was to exclude the BLPackage.* and .ModifyACL rights in the Role definition. It seems the Developper role is still able to modify the ACL's on the object. Is this normal?


      I want to restrict the Developer from adding read rights to the BLPackage for the QA teams. (the QA's may only test the package when it is oficially promoted, and Modify rights are removed for the Developper)


      Can someone help me with the above?