Typically we do not use the application/asset owners as almost all of them are not interested in anything held in IGL, only their own application. We have a couple however, who are interested, but we do not want to give them full Manage capability on the application object in IGL.
Is it possible to adjust the permissions to be read only (i.e. View)? Or would we have to use a custom user attribute and custom permissioning?
Sorry Andy, must have missed your previous comment notification. Actually you can either add new stuff or overwrite existing stuff in the SecurityContext.csv. Basically using the same whole line as in the default Security Context, but just modifying the action will overwrite the default granted permissions.
For example this will downgrade the default positions to View only:
SECURE_OBJECT_TYPE,NAME,ACTION,IMPLICIT_HAS_QUERY,IMPLICIT_BS_CHANGE,IMPLICIT_BU_CHANGE,SCOPE_TABLE,SCOPE_FILTER
Application,Business Owner,View,,scope,,t_applications,business_owner=${id} and resource_type='A' and is_deleted='FALSE'
Application,Technical Owner,View,,scope,,t_applications,technical_owner=${id} and resource_type='A' and is_deleted='FALSE'