Hi - I am currently able to create a IP network / subnet within the Data Management / IPAM Tab, but this is also viewable/visible within the DHCP Tab as well. Is this something that is going to be featured, or is there a toggle that can be utilized in order for the IPAM subnetes not to be viewed within the DHCP scopes? Also, what I am actually trying to do, is create an admin group, with a set of admins, (Server administraors) that will be able to utilize IPAM to track and stay abreast of IP addresses within a subnet, they assign manually to Data Center subnets, that they manage. The server administrators would be assigned R/W capabilities only over the subnets that the would be managing, within the data center, and these subnets would never be allowed to go DHCP. I may have talked in circles, and if so, I apologize)
Solved! Go to Solution.
09-15-2015 03:36 PM
The way the structure works is that you have:
Networks > DHCP Ranges
If you create a network, it is viewable within IPAM and DHCP tabs. Note also that you could possibly have multiple ranges underneath a network. Given this, the permissions system is granular enough that you could possibly have multiple DHCP admins that have access to view only one range within a network, and not other ranges in the same network. There is no current way (that I know of) to deny users the ability to view networks in DHCP tab whilst viewing it in the IPAM tab.
However, for your use case what you can easily do is leverage the built in roles already created in the system to allow separation between IPAM and DHCP administrators. In this way, whilst DHCP admins can view networks, they may not be able to modify or create any networks - but only ranges. Likewise with IPAM admins - they can view/create networks but are not allowed to manipulate DHCP settings.
Look under the Administration tab > Administrators > Roles to see the built-in roles for IPAM/DHCP. Also look in the Permissions tab and highlight the roles to see what permissions are granted. You can further customise your permissions to add/delete specific objects there also.
Hope this helps.
09-16-2015 03:06 AM
Thank you - it was my understanding as well, while reading the administrators guide, I appreciate your response and will step forward in the area....
09-17-2015 02:18 AM
Thank you GHorne - as well as not only that, not placinf the relay staements on the vlan or router on the remote end.... Just trying to delegate specific subnets to a subset of admins within Infoblox, so they can track thier used and unused IP addresses for Data Center devices in a common area.... Thank you again - Mark