Administer > Authorize Access to CIs

Authorize Access to CIs

Browser CI Access Control enables you to assign granular access to the CIs in views or CI types in UCMDB, according to a user's assigned role. A role that has global View or Edit permission can see all CIs and relationships in UCMDB. A role that has View or Edit permission for a particular view can see only the CIs and relationships in that view. In addition, permission can be granted to view or edit particular CI types.


  • You must assign at least one permission for a view or CIT in order to see CIs in the UCMDB Browser.
  • You must have View permission on a particular CI in order to refocus on it, even if that CI is visible in a widget because of Browser CI Access Control settings.

To authorize access to CIs:

  1. In UCMDB, go to Security > Roles Manager.
  2. Select the role to which you want to assign access.
  3. Click the Browser CI Access Control tab and add available actions as required.
  4. Select an available view or CI type for which you want to assign permissions.
  5. When you are finished, click Save .

For additional details about permissions, see "User Permissions for the UCMDB Browser" in the Universal CMDB Administration Guide.


  • If a CI does not have Edit permission assigned through a view or CI type, the Edit button will not be displayed in the Properties widget and it will not be possible to change any property's attributes in the UCMDB Browser.
  • A user will be able to see the composite CIs of permitted CIs, even he has not been granted specific permission for those composite CIs.
  • If a user has permissions on CIs of two CI types and those CIs are not composite CIs, in order to have permission on their relationship (for example, to view them in the Environment widget), the necessary triplet should be added to the calculated link. This is named Authorized Relationship Addition (UCMDB Browser), and it can be found in CI Type Manager > Calculated Relationships.

Use Cases