my Problem is as followed....we have a few different Schemas in Insight, for Example our own IT Management Schema and for Example a own Schema for our IT Security Management. Both Schemas are configured with "Allow others to select objects from this schema"
Reason for this, in our own IT Management Schema are LDAP Querys to import for example our Departments and Teams within the Company. The IT Security manager need this Teams and Departments for the Objects in his own Schema IT Security Management for Example for the Attribute "Asset Owner".
My Problem now, he can not see any Objects if he is in the Object Schema Users or in the Object Schema Developers Role, he only see any Objects from our Schema if he is in the Object Schema Managers Role.
Our IT Management Schema - he is in the Object Schema Users Role - nothing to see in his own IT Security Management Schema
Our IT Management Schema - he is in the Object Schema Developers Role - nothing to see in his own IT Security Management Schema
Our IT Management Schema - he is in the Object Schema Managers Role - he can the Objects in his own IT Security Management Schema
But if he is in the Object Schema Managers Role, he can also create or edit Objects in our Schema, which is not desired.
As per Description "Users can only view the object schema", why is this not enough to see Objects from another Schemas and chosse this Object within the DropDown Menu from the Attribute?
Or am i missing something in the configuration?
Something doesn't sound right. If somebody is in the Object Schema Users role, they have the ability to see all of the objects in that schema. If objects in that schema reference objects in a different schema, then you would most likely want the person to be in the Object Schema Users role of that other schema. Being a member in both of those roles should be all that you need.
... I just remembered that there are also Object Type roles. You may have permissions set on a particular Object Type that are creating the problem.
You may want to confirm that you're not confusing roles at the Insight global level. You'll want to investigate the roles & members at the schema level.
The Object Schema Managers role doesn't grant somebody the ability to see more/less objects than the Object Schema Users role or the Object Schema Developers role.
Thanks for your Help, you are right, i have checked the Object Type and there a Limitation with 2 other User. Remove all and let the Permissions on all Objects Types in our Schema empty fix the Error and the Security Admin can see Objects in his schema with the Object Schema Role "User" on our Schema.
I understand, that Permissions directly on Object Types overwrite Permisssions on Object Schemas, my thinking error was, if the respective employee is authorized in the schema as a user and is not mentioned in the permissions on the object type, he keeps the same permissions as on the schema.
But apparently, with permissions on the object itself, all users are generally prohibited and only the explicitly entered employees are allowed.
Thanks again for your help. :)