06-03-2016 03:39 PM
I believe this is not possible, but wanted to see if anyone found a way around this problem. I have a large network where I want to be able to control the IP allocation. I want to control down to the /16, after that I am fine with other being able to create networks. I tried to use network containers hoping there was a way to lock down permissions on containers but leaving creating a network less restrictive but it doesn't seem possible. Has anyone dealt with this problem? Thanks in advance.
Solved! Go to Solution.
06-06-2016 08:42 AM
We don't have an 'only allow creation of sub objects' type permission.
You own the container which means that you own the permission to both create sub objects and modify the containers properties. (R/W). The only way to delegate control to sub objects is to create them first, and then assign them to someone else.
however, if the people creating these subnets are not the people creating the networks on the routing layer, there is a risk that the data end up being out of phase with that's in production. So sometimes openting the doors to let anyone make changes may not be helpful.
This is where letting something like Network Insight or an autoprovisioning system greate the subnets as required might be a better approach.