We would like to be able to limit users to only be able to select from a subset of values for filters.

For example, for the Domain Object "Patch Management->Patches->Patch Impact", we would like them to be able to select from "Critical" or "Recommended" but "Software Installer" should NOT be displayed and should NOT be selectable.

Similarly, for free form text input such as the Domain Object "ZENworks System->Managed Device Status->Device Folder", the "Device Folder Contains" box should only allow certain pre-defined strings; e.g. A user can choose from "North", "South" or "East" but is not allowed to choose "West".

The justification for this is twofold:

1. Some selections could result in thousands of results, potentially bringing ZRS and/or the database down; we would like to be able to block these

2. Because there is no granular or hierarchical security model (either within ZRS or inherited from ZCM) we cannot limit users to a specific set of folders; e.g. Consider the following structure

\workstations\North
\workstations\South
\workstations\East
\workstations\West

In multi-tenant sites, for example, we would like to be able to ensure that the user can ONLY enter "North", "South", "East" in the "Contains" box. As he has no rights to look at assets belonging to "West" he should not be allowed to enter those items and see those devices.

The same principle extends to both list and free-form filters: We need to be able to limit what users can select. At the moment it's all or
nothing.

Pre-filters do not achieve this. If the pre-filter is not locked, then the user can enter what they like (North, South, East or West). If it is locked then users are unable to select anything (they get results from a logical North OR South OR East).


NRFE / MG / 10970762038 /

Comments