User bypassing Model requirement when copying Application CI
Article ID: 247740
Updated On:
Products
Issue/Introduction
We currently restrict uses with Service Desk to be unable to create CIs. But, since ITAM shares the DB we have found that users can create a CI through the ITAM copy. However, ITAM should not allow the copy as the previous item they are copying does not have a Model defined (our CIs for Applications are created in Service Desk and do not have models) with the Model field being required to create an entry in ITAM
Is there another way to restrict users from creating Application CIs from within ITAM?
Environment
Release : 17.3
Component : ITAM - Other / CA Service Desk Manager
Resolution
- The functionality in question, where one can duplicate a CI that was created in SDM by using the ITAM copy function despite the model being missing in ITAM, is working as designed.
- The ITAM 'COPY' functionality simply creates an asset by copying all the available attributes/links/relationships of as existing asset in ITAM. This functionality is as good as creating an asset or CI from another system (like SDM).
- The 'Model Id' validation happens when we try to click 'Save' button on ITAM UI without providing the model since it is a required field. However, ModelId is a NULLable field on the ca_owned_resource table. This is by Design.
- Additionally, the Copy functionality has not been restricted based on IsAsset / IsCI key value of an Asset/CI.
Additional Information
The options that are available would be to restrict the given users from accessing the Copy function overall, but this may affect all Copy functionality, including those that the user should be permitted access to. One can also consider submitting an idea to our Communities page for a future release of ITAM to consider a design change that addresses such a scenario.
Feedback
