09-23-2016 05:45 AM - edited 09-23-2016 05:48 AM
Wondering if there's a way to use approval workflows or the API to set a limit or a threshold on the number of DNS records a user can delete.
The use case is we are looking to have a way to allow a certain number of deletions to happen automatically, but have any single deletion with a number above that limit trigger a warning or notification. This would be to allow multiple groups to manage their own DNS records (limited by object permissions of course) but prevent an instance where someone accidentally deletes, say, all the records in a zone.
Is anyone doing anything like this in the wild?
**EDIT: Should add that we're leaving DNS in Microsoft but managed by and via Infoblox in a read-write capacity.
09-23-2016 07:01 AM - edited 09-23-2016 07:02 AM
You would have to generate a script that uses the RESTful or PAPI API. That script could be triggered from a webpage that could alert adminstrators when greater than "X" records had been deleted.
There are many customers that have wriiten custom webpages to automate certain aspects of their operations through the API.
09-23-2016 07:29 AM
Awesome, that sounds like exactly what we're looking for. But in addition to the alert, would that prevent the records from being deleted until approved? Or would it just let it happen and it'd be on the admins to bring them back from the recycle bin?
09-26-2016 05:26 AM
It would be up to the code on the webpage. If after a user exceeded 'X' number of records, it could just send an alert to the administrator and perform the delete. Or it could just store the delete until it is approved by the administrator.