Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

Network Automation and Compliance (NetMRI)


Granting Read/Write Permission to a Zone for an Automated Process

New Member
Posts: 1
2876     0

Greetings Everyone -


I've been running quite a few searches but haven't come across anything that absolutely answers my question so I thought I'd ask it to the collective experts.  This is my first post, so please feel free to direct me if I'm not doing something correctly.


I've received a request to assist our DevOps group in creating a test zone that they can use to perform some POC work with Terraform, specifically the Infoblox Terraform Cloud Provider.  Before I go further, I want to say that the POC was a success and that this is not a question of "How To".  Instead, this is more of a review of "How Did I" and a question of "Is there a better way".


The configuration is as follows:

  • Created a new root zone, let's call it "" (because .io is where everyone is creating domains nowadays).
  • Created a new admin account "SomeRandomUser".
  • Created a new group called "SomeRandomGroup" and added SomeRandomUser to that group.
  • For the group SomeRandomGroup, I granted permission to access the API (under the group permissions > Roles).
  • I then granted SomeRandomGroup read/write permission to the zone.

And that was that.  The DevOps engineer I was working with confirmed that using the SomeRandomUser account, he was able to programmatically create a record in this zone.  Now I'm intentionally leaving out the bits associated with the Infoblox Terraform Cloud Provider and the need to create specific Extensible Attributes because I think that's outside of the scope of this question.  (Simply, the ITCP requires specific EA's to be present or it fails.)


Anyway, with regards to the information provided in the bullets above, what did I do wrong?  Or what did I fail to consider?  Is there a better way to provide security around the zone?  


Thank you in advance for your time!


Re: Granting Read/Write Permission to a Zone for an Automated Process

New Member
Posts: 2
2877     0

Sorry for the late input, but your solution looks good to me.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You