I am busy defining profiles in Service Desk 4.5. We want to define different profiles and one of them will be a sort of "application owner". They will be responsible to enter new application CI's and maintain their data. So they should only have write and update rights on the CI type application. They should also be able to relate to different other CI types but they should not have write access on these other types because they are only allowed to relate to them. In SD 4.5 this seems to be a problem because you need write access on both CI's between which you relate. This for the simple reason that he writes a history line on both CI's. And there seems to be no way to limit the access only to be able to write a history line.
If you relate to a read only CI, the relation is entered and a history line is added on the CI you have access to BUT you get an unclear error stating you don't have access to this CI. This means only the history line on the CI to which you don't have rights cannot be entered so you get this error.
Is there any way to solve this without giving everyone rights on CI's to which they shouldn't have rights to ?? Is this improved in SD 5.0 or 5.1 ??
Thx for your input but access you define on attribute level is going to be applicable for ALL other folders also. So for every folder where you assign write access, the same attribute access is applicable. So this is again of no use for us. You cannot define attribute access per folder and this is what we would need.
Defining access on CI-types directly we cannot do indeed. We have to work using folders.