06-24-2020 11:55 AM
I have an IPv4 Network Container of size /16 defined. This container is not further defined into one or more IPv4 Networks, as there is no ability to provide further IPAM/DHCP objects for the container. There are smaller containers in the parent container. I can define networks if need be, but would prefer not to. There is a bulk Host record defined for the entire block of IPs in the parent container.
The IP space is assigned to my primary internal DNS zone. I wish to allow an API service account the ability to create and remove Host records for any IP that lives in this Container, but nothing more.
I have figured out how to allow access to only the internal DNS Zone. I have figured out how to allow RW access to only Host records. What I haven't been able to figure out is how to add a permission that limits this account/role to internal Host records in the network container.
Is this possible?
Internal zone: fred.org
Network Container: 172.16.0.0/16
Object Type: IPv4 Host Records
06-24-2020 01:35 PM
Check out the admin guide section “Configuring Permissions for DNS Resources in Networks and Ranges”.
Take note of the CLI command "set dns_perm_for_nw" which is required for this to work properly.
Once applied, the permissions ought to work the same whether creating records by GUI or by API.
07-02-2020 05:42 AM
The solution presented only appears to be valid for v8.5. We're running 8.4.7. To be honest, I'm having issues understanding the new documentation schema. The online docs for 8.4 do not seem to be as searchable as previous versions.
What is the impact upon the GM and other nodes if this command is applied?
07-04-2020 07:45 AM
This is also available in 8.4. I don't disagree, I used the PDF version of 8.4 docs to search for it.
07-06-2020 12:27 PM - edited 07-06-2020 01:34 PM
OK, I'm getting closer. I found the correct docs and I've been able to alter the grid properties to allow what I want, now I'm attempting to figure out all of the correct permissions.