10-19-2018 02:39 PM
Sorry for newbie question - how shall I set up permissions so that a user group can operate on host level(such as reserve IP, add/delete/change a host) but cannot operate on network level(such as add/delete a subnet)?
We outsource our dialy operation to a 3rd-party vendor. Regular IP requests will go to the outsourcers. But reqests to create new subnet/VLAN will be handled by our internal network engineers. Thus we want to define different permissions for different groups.
Going further, is there a way to give them permission to specific subnets but not the others? e.g. user can reserve IPs in 192.168.x.x subnets but not in the 10.x.x.x subnets.
10-22-2018 06:23 AM
Infoblox permissions allow you to be as broad or as granular as you want. You can create a Group and assign permissions based on a specific /24 network and either allow read-only or read/write access permissions or if you're using network containers you can assign permissions to the entire /8 or /16 container. In order to look into it further, log into the Infoblox web GUI and go to the Administration tab -- Administrators -- Permissions. Highlight a group and you can view the default permissions. You could also create a test group and play with the permissions prior to assigning anything. All the info you need is covered in the admin guide --> Chapter 4 --> About Administrative Permissions