Ensuring consistency with access control and privilege elevation - Adaptive Applications - BlueCat Gateway - 22.3

Hybrid DNS Update Administration Guide

Locale: English
Product name: BlueCat Gateway
Version: 22.3

Address Manager contains a copy of the DNS data managed in another platform; however, Address Manager users must not make any changes directly to the replicated data as these changes are not deployed to the other platforms. If you must update any DNS data that is managed on another platform, make the changes in the Hybrid DNS Update Adaptive Application.

Access permissions can be configured in Address Manager to make the data read-only for users, preventing direct changes to the DNS data in Address Manager. These permissions would also prevent users from making changes through Hybrid DNS Update, since all changes are first made in Address Manager. To enable this use case, Hybrid DNS Update can perform privilege elevation for selected non-administrative users: changes are made in Address Manager using a service account that is configured in the Docker environment or through the installation workflow. For more information, refer to Installing Hybrid DNS Update for configuring the service account in the Docker environment, or to Configuring the Service Account for configuring it through the installation workflow.

The Enable User Tracking feature in the installation workflow ensures that the Hybrid DNS Update Adaptive Application updates the Last Modified By field on objects when changes are made. The field contains the username of the user who originally requested the change, providing an audit trail and ensuring that the transaction history records this information. When objects are deleted, the Last Modified By field is updated in a separate transaction to ensure that this information is captured in the transaction history.

By default, privilege elevation is enabled by adding users to a read-write Gateway group. If required, further access controls for privilege elevation can be added using custom Python code within the application. For more information, refer to the /builtin/workflows/Hybrid DNS Update/privilege_elevation/access_permissions.py Python script within the Docker image, or contact BlueCat Customer Care for assistance with customizing the Python code.
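The following is an added illustration, not Hybrid DNS Update's own code, of the elevation model described in the last three paragraphs: the default read-write group check, an optional custom rule of the kind access_permissions.py could add, and the user-tracking audit trail in which the change is made as the service account but the original requester is recorded (with a separate entry for deletes). The group name, service account name, zone rule and record layout are assumptions.

```python
"""Hypothetical model of Hybrid DNS Update privilege elevation and user tracking.
Added example; not the product's code. Names and record layout are assumed."""
from dataclasses import dataclass

READ_WRITE_GROUP = "hdu-readwrite"   # assumed name of the read-write Gateway group
SERVICE_ACCOUNT = "hdu-service"      # assumed name of the Address Manager service account


@dataclass(frozen=True)
class Change:
    user: str          # Gateway user who requested the change (not an administrator)
    groups: frozenset  # Gateway groups the user belongs to
    action: str        # "add", "update" or "delete"
    zone: str
    record: str


def default_rule(change: Change) -> bool:
    """Default behaviour: elevate only members of the read-write Gateway group."""
    return READ_WRITE_GROUP in change.groups


def zone_rule(allowed_zones):
    """Example of an extra custom rule (assumed): limit elevation to named zones."""
    def rule(change: Change) -> bool:
        return change.zone in allowed_zones
    return rule


def elevate(change: Change, rules=(default_rule,)):
    """Return the audit entries written for the change, or None if elevation is refused.

    Every rule must pass. The change itself is performed as SERVICE_ACCOUNT, but the
    Last Modified By value carries the original requester. A delete writes that value
    in a second, separate transaction so it still appears in the transaction history."""
    if not all(rule(change) for rule in rules):
        return None
    obj = f"{change.record}.{change.zone}"
    entries = [{"actor": SERVICE_ACCOUNT, "action": change.action,
                "object": obj, "last_modified_by": change.user}]
    if change.action == "delete":
        entries.append({"actor": SERVICE_ACCOUNT, "action": "set_last_modified_by",
                        "object": obj, "last_modified_by": change.user})
    return entries
```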