Automation

bward1

Community,

Has anyone deployed letting non-Infoblox teams use the API thru automation to access production environment to make changes? How are permissions/governance handled to limit what is changed?

Thanks,

Bryan

twpret

Good day Bryan

The best way to achieve this would be to create a role with specific functions. You then assign that role to an admin group (create different admin groups for different roles and permissions).

When creating the admin group, you select the type of access the user will have to the NIOS Grid (GUI, API, CLI etc). Below is an example of where in the admin group you can set the interfaces.

You then configure a specific user account for that user and assign them to the correct admin group.

Please test this out and let us know if you have any other issues.

Regards

TW

oliwia823

Yes, it is common for organizations to allow non-Infoblox teams to use the Infoblox API through automation to access production environments and make changes. This enables greater agility and integration with other systems. However, robust permissions and governance are crucial to limit what can be changed and maintain the integrity of the production environment. EZ Pass NJ

Here's how permissions and governance are typically handled:

1. Role-Based Access Control (RBAC):

Infoblox User Roles and Groups: Infoblox provides a granular RBAC system. You can define custom user roles with specific permissions (read, write, deny) for various objects (DNS records, DHCP ranges, IPAM data, etc.). Users are then assigned to user groups, and these groups are associated with specific roles.
Leveraging Existing Identity Management: Infoblox can often integrate with existing directory services (like Active Directory or LDAP) for user authentication and group management,