Address Manager uses access rights, overrides, and privileges to control how users see and work with objects and information.
Access rights and overrides control access to Address Manager objects. Privileges control how users see and work with user access rights and object transaction histories.
- Default Access Rights are global access rights for a user or user group. Use default access rights to set the general access policy for a user or group. You can set overrides within the access right to fine-tune access to different types of objects.
- Object Access Rights are local access rights for a particular Address Manager object. Use object access rights to control access to a specific object and any child objects it contains. For objects that contain child objects, you can set overrides within the access right to control access to the child objects. For example, an access right granting access to an IPv4 Block may have an override that prevents access to IPv4 Networks within the block.
- Overrides are part of a default or object access right that control access to child objects within an object. For example, an access right granting access to a DNS zone may have overrides that prevent access to resource records within that zone.
You can apply the following access right and override levels to users and groups:
- Hide—objects are hidden from the user.
- View—users can see objects but cannot add, delete, or change objects.
- Change—users can see and change objects, but cannot add or delete objects.
- Add—users can see, add, and change objects, but cannot delete objects.
- Full Access—users can see, add, change, and delete objects.