After creating an IP group, specify the access right for a user or group so that the only specified users or user groups have the access to the IP group.
After you create IPv4 groups and have set access right for users or user groups, you will be able to better manage the IP addresses in that group. For example, IP grouping allows you to find any issues with IP addresses easily by isolating them into a smaller and more manageable group. Create an IP group by department, users, or region to make it easier to identify the root cause of a problem.
To grant access rights to an IP group:
- Select the IPAM tab in the sidebar, then select IPv4 blocks.
- Navigate to the IPv4 network that contains the IPv4 group selecting the network in the IPAM tree view panel, or by selecting the network's range in its parent block's IPv4 blocks and networks table.
- Select the IPv4 groups tab.
- Select the range of the IPv4 group.
- Select the Access rights tab.
- Select Assign access right.
- Under General, enter a user or user group in the User or group field.
-
In the Default access level field, define the default
level of access rights for the user or user group. Select from the following
options:
- Hide—objects are hidden from the user.
- View—users can see objects, but can't add, delete, or change objects.
- Change—users can see and change objects, but can't add or delete objects.
- Add—users can see, add, and change objects, but can't delete objects.
- Full access—users can see, add, change, and delete objects.
-
When you select Change, Add, or Full access, a
Workflow level field appears. Select a workflow
option:
- None—changes made by the user or group take effect immediately.
- Recommend—changes made by the user or group are saved as change requests and must be reviewed and approved before they take effect.
- Approve—changes made by the user or group take effect immediately and the user or group can approve change requests from other users or groups.
-
Select the Allow deployments and/or Allow
quick deployments check boxes:
- Allow deployments—When selected, the user or
group can perform a full deployment of data from the
configuration to a managed server. When not selected, the user or group
can't perform a full deployment. Only administrators or users with
deployment privilege can deploy data.Note: To grant a non-administrative user or group deployment privilege, you must first select Full access as the default access right.
- Allow quick deployments—When selected, the user
or group can instantly deploy changed DNS resource records with the
Quick deploy function. When not selected, the Quick
deploy function doesn't appear for the user or group.Note: You don't have to select Deployment to allow the user or group to use the Quick Deploy function.
Note:- If you set access rights at the IP group level, the access rights set at the network level won't be inherited to the IPv4 addresses in the IP groups. However, you still need to grant at least view access at the network level for users (who have access rights to IP groups in that network) so they can assign IP addresses successfully within their IP groups. Without view access rights at the network level, the user won’t be able to see what addresses they have available for allocation because these objects can only be seen at the network level.
- If access override for an IPv4 group is selected when setting access rights on any parent objects of IP group, the override setting will only be applied to IPv4 group objects but not to IPv4 addresses under the IP group objects.
- Allow deployments—When selected, the user or
group can perform a full deployment of data from the
configuration to a managed server. When not selected, the user or group
can't perform a full deployment. Only administrators or users with
deployment privilege can deploy data.
- On the Change control tab, add change control comments if required.
- Select Assign or Assign and add another.