Setting and changing default access rights - BlueCat Address Manager - 9.1.0

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
9.1.0

When you create a user account, its default access right is Hide. A user account with this access right cannot view any objects in Address Manager. You need to grant the proper level of access rights for users or groups so that they can view and manage the objects.

Note: Address Manager does not allow you to set default access rights for Non-Administrator +API users. Access rights for this user and access type combination must be set at the configuration level or lower. For more information, refer to User types and access types.

To set or modify the access rights and overrides for users or groups:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Administration page.
  2. Under User Management, click Access Rights Settings.
  3. Click Default Access Rights.
  4. Under Access Rights, click New, or click the name of a user or user group, and click Edit.
  5. Under Users and Groups, select a username from the drop-down menu and click Add. The user is added to a list below the drop-down menu. Repeat this step to add the access right to more users or groups.
    Tip: To find a username quickly, click the text field and type the name of a user. As you type, a list of users matching your text appears.

    To remove a user, select a user from the list and click Remove.

  6. Under Access Right, define the type of access right. From the Default Access list, select an option:
    • View—users can see objects, but cannot add, delete, or change objects.
    • Change—users can see and change objects, but cannot add or delete objects.
    • Add—users can see, add, and change objects, but cannot delete objects.
    • Full Access—users can see, add, change, and delete objects.
  7. When you select Change, Add, or Full Access, a Workflow Level field appears. Workflow options apply to zones, resource records, networks, and IP addresses. Select a workflow option:
    • None—changes made by the user or group take effect immediately.
    • Recommend—changes made by the user or group are saved as change requests and must be reviewed and approved before they take effect.
    • Approve—changes made by the user or group take effect immediately and the user or group can approve change requests from other users or groups.
  8. Under Access Right, select either the Deployment or Quick Deployment check box (or both):
    • Deployment—When selected, the user or group can perform a full deployment of data from the configuration to a managed server. When not selected, the user or group cannot perform a full deployment. Only administrators or users with deployment permission can deploy data.
    • Quick Deployment—When selected, the user or group can instantly deploy changed DNS resource records with the Quick Deploy function. When not selected, the Quick Deploy function does not appear for the user or group.
      Note: You do not have to select Deployment to allow the user or group to use the Quick Deploy function.
  9. Under Overrides, set the permissions for Address Manager objects:
    Option Description
    • ACLs,
    • MAC Pool Objects
    • Configuration
    • Resource Records
    • Deployment Options
    • Servers
    • Deployment Scheduler
    • Tags
    • DHCP Zones
    • TFTP Objects
    • Category Groups
    TSIG Objects
    • GSS kerberos Realms and Principals
    TSIG Keys
    • IPv4 Objects
    • Views and Zones
    • IPv6 Objects
     

    When you select the check box for an item, a drop-down menu appears. Select a permission from the list:

    • Hide—objects are hidden from the user.
    • View—users can see objects but cannot add, delete, or change objects.
    • Change—users can see and change objects, but cannot add or delete objects.
    • Add—users can see, add, and change objects, but cannot delete objects.
    • Full Access—users can see, add, change, and delete objects.
    Note: If access override for an IPv4 IP Group is selected when setting access rights on any parent objects of IP group, the override setting will only be applied to IPv4 IP group objects but not to IPv4 addresses under the IP group objects.
  10. Under Change Control, add comments, if required.
  11. Click Add or Update.