This document describes best practices for setting up a configuration for read only asset notes, and for allowing asset note creation. 

There are two types of security configurations in CA Asset Portfolio Management:  

-          -  Global configurations apply to all users and are the least restrictive  (ie, you would ALLOW Notes access at this level).  

-          -  Local configurations (across all families or for a specific asset family) that either allow or restrict access 

 

If you wish to have some user roles edit Notes and other user roles only read the Notes, then allow Note access at the global level, and create a local configuration that sets Notes to Read Only. Then assign the local configuration to the user role(s) where you want to restrict access. 

CA Asset Portfolio Management 12.9 and 14.1, any patch level

The ability to add Asset Notes is controlled on the configuration page(s), in the left tree view, under ‘Notes’.  In the screenshot below, any user governed by this configuration, has the ability to add or modify asset notes.   The pencil icon displays next to Notes, indicating that edit notes is available. 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AJrxAAG" alt="NoteConfig1.png" width="491" height="284"> 

If the screen appears as below, then Asset Notes are read only:  (pencil icon displays with the readonly symbol in red)

 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AJryAAG" alt="NoteConfig2.png" width="572" height="331">

There are two kinds of security configurations in CA Asset Portfolio Management.

--         1.  Global configurations apply to all users and are the least restrictive  (ie, ALLOW Note access at this level).  

-            2.  Local configurations (across all families) that restrict access.  (ie, RESTRICT Note access at this level). 

If you wish to allow some user roles edit Notes capability, and provide other user roles with read only access to Notes, then allow Note access at the global level, and create a local configuration that sets Notes to Read Only. Then assign the local configuration to the user role(s) where you want to restrict access.

For example: 

1.  First, create a local configuration (or modify an existing local configuration for this user role), and restrict Note access (set to read only).

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AJrzAAG" alt="NoteConfig3.png" width="724" height="419">

2.  Next, assign this local configuration to the user role(s).

 

Find the user role: Administration -> User/Role Management and bring up the details for the user role: 

 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AJs0AAG" alt="NoteConfig4.png" width="705" height="408">

Select ‘Role configuration’, then select New and assign the local configuration (Asset Notes Read Only) to the user role(s) and save: 

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AJs1AAG" alt="NoteConfig5.png" width="714" height="413">

Now all users will have authority to add asset notes, except the users in the Test User role that are now governed by the Asset Notes Read Only configuration. 

Note that local configurations applied to a user role override the global configuration settings; however, be sure that the global configurations are the least restrictive configuration applied.