Reply

Setting a limit/threshold on the number of DNS records a single user can delete

[ Edited ]
jpcatanzaro
Techie
Posts: 13
2475     0

Hey all,

 

Wondering if there's a way to use approval workflows or the API to set a limit or a threshold on the number of DNS records a user can delete.

 

The use case is we are looking to have a way to allow a certain number of deletions to happen automatically, but have any single deletion with a number above that limit trigger a warning or notification.  This would be to allow multiple groups to manage their own DNS records (limited by object permissions of course) but prevent an instance where someone accidentally deletes, say, all the records in a zone.

 

Is anyone doing anything like this in the wild?

 

**EDIT:  Should add that we're leaving DNS in Microsoft but managed by and via Infoblox in a read-write capacity.

Re: Setting a limit/threshold on the number of DNS records a single user can delete

[ Edited ]
RScutt Employee
Employee
Posts: 4
2476     0

You would have to generate a script that uses the RESTful or PAPI API. That script could be triggered from a webpage that could alert adminstrators when greater than "X" records had been deleted.

 

There are many customers that have wriiten custom webpages to automate certain aspects of their operations through the API.

Re: Setting a limit/threshold on the number of DNS records a single user can delete

jpcatanzaro
Techie
Posts: 13
2476     0

Awesome, that sounds like exactly what we're looking for.  But in addition to the alert, would that prevent the records from being deleted until approved?  Or would it just let it happen and it'd be on the admins to bring them back from the recycle bin?

Re: Setting a limit/threshold on the number of DNS records a single user can delete

RScutt Employee
Employee
Posts: 4
2476     0

It would be up to the code on the webpage. If after a user exceeded 'X' number of records, it could just send an alert to the administrator and perform the delete. Or it could just store the delete until it is approved by the administrator.

Showing results for 
Search instead for 
Do you mean 

Recommended for You

Demo: Infoblox IPAM plug-in integration with OpenStack Newton