31. 03. 2026 Mirko Morandini Asset Management, GLPI, Service Management, Uncategorized

GROUP-based Asset Permissions in GLPI 11: GLPI Rights Management Redefined

TL;DR: In GLPI, access permissions for assets have traditionally been tied mainly to entities. That works well in clean structures, but in reality, responsibility, ownership, and organizational hierarchy do not always follow the same lines. With GLPI 11, group-based permissions are extended from Tickets to all asset types, and together with the new multiselect group fields this opens the door to a much more practical permission model.

Introduction

There are changes in GLPI that immediately stand out because they come with new graphics, new menus or new objects. And then there are changes that look rather small at first, but can have a much larger impact on the overall configuration and operation than one might expect.

For me, the new permission options for assets in GLPI 11 clearly belong to the second category.

The general idea is not completely new. Since GLPI 10, group-based permissions have already existed for Tickets, and this finally paved the way for fine-grained permission management without the burden of entity change. In GLPI 11, this concept is now extended to all asset types, which means that computers, monitors, and the rest of the inventory can finally benefit from the same kind of more targeted access control.

This feature was elaborated by myself together with the R&D of TecLib, and funded by Würth IT. The goal was not to make permissions more complicated, but to make permission management more powerful and less bound to entities.

What is new in GLPI 11?

In a Profile, for asset permissions, GLPI 11 introduces four new rights:

  • View Assigned
  • Update Assigned
  • View Owned
  • Update Owned

These permissions make it possible to grant access based on the users or groups that are directly connected to the asset. More precisely:

  • View Assigned and Update Assigned add the respective permissions for the user listed in “Technician in charge” and the groups listed in “Group in charge”.
  • View Owned and Update Owned add the respective permissions for the user and groups listed in the “User” and “Group” fields.

Moreover, to make this enhancement even more flexible, the Group fields are now multiselect. I must admit that I would have preferred the possibility to add additional group fields, but this was technically too complex.

Why this really matters

The classic permission model in GLPI is built around entities. Entities are essential for structuring data, defining visibility boundaries, and building a clear hierarchy.

But anyone who has worked in a larger GLPI deployment knows the limitation: first, entities can display just one dimension of the organization; and second, collaboration between parallel entities is quite limited.

Specific IT teams responsible for VMs, for Linux or Windows, for specific Databases etc., may need access only to the systems they are responsible for, but these teams are cross-organization, while entities usually represent an organizational or financial unit.

Typical scenarios where this helps

The relevant scenarios are not exotic at all. They appear quite naturally in many GLPI environments as soon as responsibilities are no longer identical to the entity structure.

A first very common case is a shared entity with multiple support teams. Many organizations prefer to keep their assets in one central entity because this makes administration, reporting, and lifecycle management easier. At the same time, they do not want every technician to automatically see or update every asset in that entity. With the new permission model, assets can remain in the same structure while access is limited to the teams that are actually linked to them. This allows a cleaner setup without creating extra entities just to simulate separation.

A second useful scenario is shared responsibility across several groups. An asset belongs to one department from a business perspective but may be relevant for specialized teams that maintain the hardware, the operating system, the database, the monitoring or the application layer. Until now, these situations led to compromises, because entity-based permissions mainly followed the organizational structure. Because both group fields now accept multiple entries, you can create a multi-dimensional permission scheme.

Third, you could also envision distributed access models: key users who have access to the assets belonging to their group's hardware, users who can directly access the assets they own, etc. Combined with the new asset definitions, where you can define permissions on single fields, this paves the way for many new possibilities of distributed inventory management.

Less pressure on entities, more room for clean design

With this enhancement, entities no longer need to carry the full burden of permission design on their own. They remain the structural backbone of GLPI and are still essential for hierarchy, administration, and visibility boundaries.

In many environments, entities were expected to solve detailed access control in every situation, which often made daily use heavier than necessary. Group permissions can easily be changed dynamically and, unlike entities, they are additive: if you belong to several groups, you can see or edit the union of the assets that belong to these groups, without having to switch between different entities.
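The additive behaviour described above, together with the four rights and the multiselect group fields from “What is new in GLPI 11?”, can be sketched as a small access model for reviewing who reaches which asset. This is an added example, not GLPI's own code: the class and function names and the sample assets, users and groups are constructed, and evaluating the four rights in isolation from entities and other profile rights is a simplifying assumption.

```python
from dataclasses import dataclass, field

# The four right names come from the article; classes, functions and the
# sample data are constructed for this simplified model (not GLPI code).
RIGHTS = {
    "view":   {"assigned": "View Assigned",   "owned": "View Owned"},
    "update": {"assigned": "Update Assigned", "owned": "Update Owned"},
}

@dataclass
class Asset:
    name: str
    tech_user: str = ""                               # "Technician in charge"
    tech_groups: set = field(default_factory=set)     # "Group in charge" (multiselect)
    user: str = ""                                    # "User"
    groups: set = field(default_factory=set)          # "Group" (multiselect)

@dataclass
class Account:
    login: str
    groups: set
    rights: set                                       # rights granted by the profile

def links(asset, acct):
    """Relationships that connect the account to the asset."""
    found = set()
    if asset.tech_user == acct.login or asset.tech_groups & acct.groups:
        found.add("assigned")
    if asset.user == acct.login or asset.groups & acct.groups:
        found.add("owned")
    return found

def granting_rights(asset, acct, action):
    """Rights in the profile that allow `action` ('view' or 'update') on the asset."""
    return sorted(RIGHTS[action][l] for l in links(asset, acct)
                  if RIGHTS[action][l] in acct.rights)

def effective_access(assets, acct):
    """Audit report: asset name -> granting rights per action, reachable assets only."""
    report = {}
    for a in assets:
        row = {act: granting_rights(a, acct, act) for act in RIGHTS}
        if any(row.values()):
            report[a.name] = row
    return report

# Constructed inventory: three assets kept in one shared entity.
ASSETS = [
    Asset("db-srv-01", tech_groups={"Linux", "Databases"}, groups={"Finance"}),
    Asset("win-ws-17", tech_groups={"Windows"}, user="anna", groups={"Finance"}),
    Asset("vm-host-03", tech_user="luca", tech_groups={"VMs"}),
]
```

Calling `effective_access(ASSETS, Account("luca", {"Linux", "VMs"}, {"View Assigned", "Update Assigned"}))` returns only the two assets reachable through his group memberships or his own “Technician in charge” entry, which makes the report usable as a least-privilege check before a profile is rolled out.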

Final thoughts

GLPI 11 extends group-based permissions to assets, and allows the relevant group fields to be multiselect. With this, GLPI adds an operational layer on top of the existing entity structure. The result should not be understood as a replacement for entities, but as a better balance: entities continue to define where things belong, while access can follow the users and groups that are actually connected to the asset. Once you see it in practice, it simply feels like the permission model has become a bit closer to the real world.

Würth IT Italy, based in Bolzano/Bozen, South Tyrol, is an official GLPI Gold partner for Italy, and for the German speaking market (Germany, Austria, Switzerland) through its spin-off Gravitate.eu.

Mirko Morandini

Mirko Morandini, PhD, is a senior consultant in IT Service Management and Asset Management, with over a decade of experience and numerous successful projects in Germany, Austria and Italy. As the GLPI advocate at Würth IT Italy, Mirko is passionate about open source solutions - and when he’s not optimizing IT processes, he enjoys spending time with his family and playing and conducting wind band music.
