Modify existing access rights or overrides.
If user access rights change, follow the steps below to edit access rights or overrides.
To edit access rights and overrides:
- Select the Settings tab in the sidebar.
- Under User management, select Access rights.
- Select the row containing the user or group in the Access rights table, then select Edit in the expanded details section.
-
Under Default access level, define the default level of
access rights for the user or user group. Select from the following
options:
- View—users can see objects, but can't add, delete, or change objects.
- Change—users can see and change objects, but can't add or delete objects.
- Add—users can see, add, and change objects, but can't delete objects.
- Full access—users can see, add, change, and delete objects.
-
When you select Change, Add, or Full access, a
Workflow level field appears. Workflow options apply
to zones, resource records, networks, and IP addresses. Select a workflow
option:
- None—changes made by the user or group take effect immediately.
- Recommend—changes made by the user or group are saved as change requests and must be reviewed and approved before they take effect.
- Approve—changes made by the user or group take effect immediately and the user or group can approve change requests from other users or groups.
-
Select either the Allow deployments, Allow
quick deployments, or Allow selective
deployments check box (or all check boxes):
- Allow deployments—When selected, the user or
group can perform a full deployment of data from the
configuration to a managed server. When not selected, the user or group
can't perform a full deployment. Only administrators or users with
deployment privilege can deploy data.Note: To grant a non-administrative user or group deployment privilege, you must first select Full access as the default access right.
- Allow quick deployments—When selected, the user
or group can instantly deploy changed DNS resource records with the
Quick deploy function. When not selected, the Quick
deploy function doesn't appear for the user or group.Note: You don't have to select Deployment to allow the user or group to use the Quick Deploy function.
- Allow selective deployments—When selected, the
user or group can perform a selective deployment of data to a
managed server using the Address Manager API, and automatically deploy
resource records that are added, updated, and deleted within a DNS zone
that has the Dynamic Update field selected. When
not selected, the user or group can't perform a selective deployment and
resource record changes made by the user and group are not automatically
deployed within a DNS zone, even if the Dynamic
Update field is selected. For more information on
selective deployment and how to perform a selective deployment, refer to
the "Selective Deployment" section in the Address Manager v1 Legacy
API Guide. For more information on enabling dynamic updates
within a zone, refer to Creating DNS zones.Note: You don't have to select Allow deployments to allow the user or group to use the Selective deployment function
- Allow deployments—When selected, the user or
group can perform a full deployment of data from the
configuration to a managed server. When not selected, the user or group
can't perform a full deployment. Only administrators or users with
deployment privilege can deploy data.
-
On the Overrides tab, set the permissions for Address Manager objects:
- Access control lists
- Configuration
- Deployment options
- Deployment schedules
- DHCP zones
- Devices
- Locations
- GSS kerberos realms and principals
- IPv4 space
- IPv6 space
- MAC addresses and pools
- Resource records
- Servers
- Tags
- TFTP
- TSIG keys
- Views and zones
When you select the check box for an item, a drop-down menu appears. Select a permission from the list:
- Hide—objects are hidden from the user.
- View—users can see objects but can't add, delete, or change objects.
- Change—users can see and change objects, but can't add or delete objects.
- Add—users can see, add, and change objects, but can't delete objects.
- Full Access—users can see, add, change, and delete objects.
Note: If access override for an IPv4 IP Group is selected when setting access rights on any parent objects of IP group, the override setting will only be applied to IPv4 IP group objects but not to IPv4 addresses under the IP group objects. - On the Change Control tab, add comments, if required.
- Select Save.