View Restriction to Objects and Object Types in Asset Management

Hello @Pavan Kumar 

Unfortunately point #1 is not possible at this time.

There is an open change request about that to which you can add your vote.

https://jira.atlassian.com/browse/JSDCLOUD-10621

I'm not clear about your intention in point #2. Can you elaborate on that scenario?

Hi there, @Pavan Kumar

1. @Trudy Claspill is correct on number 1 - you cannot restrict access to some object within the same object type and allow access to other objects of the same object type.

What you can do however, is if you don't want people to see a certain attribute (at all though on all objects), you can "hide" an object attribute by removing visibility to that referenced object type.

Example of this:

I want IT to see the people objects but not the address attribute on the people objects. What I can do is make an Address object type, turn the address property into an object attribute, and restrict the address object type to whoever should be able to access the attribute. This will restrict that attribute on all objects within the people object type and other object types as well.

2. Yes you can restrict object types within the same schema. Think of object restrictions like Confluence page restrictions. The parent objects (at the root level) get inherited from the object schema, the children from their parents, but you can add further restrictions on the object types and the child objects.

Example of this:

I want to provide HR access to laptops but nothing else in the IT Asset Management Schema. Let's say I have Laptops, Network assets, and Infrastructure assets.

- I will provide the proper role to HR at the object schema level first for HR to view the objects within the schema (user role) - this will allow HR to see all object types within the object schema

- Next, go to the network assets and infrastructure assets, and set the visibility role (user role) only to IT. If these object types had any children, these are also restricted.

- I don't have to do this for the laptop object type because it is already provided at the object schema role.

- Note that if I put IT in ONLY the dev or manager roles for network or infrastructure assets (and not the user role), HR can still view because the view (users role) is still inheriting from the object schema. Each role individually is inherited from the higher level (parent object or object schema) until you override it intentionally & manually.

Apologies for the long explanation, but very passionate on this topic :D

Hope this helps,

Andrea