Editing access rights and overrides - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

Modify existing access rights or overrides.

If user access rights change, follow the steps below to edit access rights or overrides.

To edit access rights and overrides:

  1. Select the Administration tab. Tabs remember the page you last worked on, so select the Administration tab again to ensure you are working with the Administration page.
  2. Under User Management, click the Access Right Settings link.
  3. Click Default Access Rights.
  4. Click the name of the user or group.
  5. Click Edit.
  6. Under Users and Groups, select a username from the drop-down menu and click Add. The user is added to a list below the drop-down menu. Repeat this step to add the access right to multiple users or groups.
    To find a username quickly, click the text field and type the name of a user. As you type, a list of users matching your text appears.
  7. To remove a user, select a user from the list and click Remove.
  8. Under Access Right, define the type of access right. From the Default Access list, select an option:
    • View—users can view objects, but can't add, delete, or change objects.
    • Change—users can view and change objects, but can't add or delete objects.
    • Add—users can view, add, and change objects, but can't delete objects.
    • Full Access—users can view, add, change, and delete objects.
  9. When you select Change, Add, or Full Access, a Workflow Level field appears. Workflow options apply to zones, resource records, networks, and IP addresses. Select a workflow option:
    • None—changes made by the user or group take effect immediately.
    • Recommend—changes made by the user or group are saved as change requests and must be reviewed and approved before they take effect.
    • Approve—changes made by the user or group take effect immediately and the user or group can approve change requests from other users or groups.
  10. Under Access Right, select either the Deployment, Quick Deployment, or Selective Deployment check box (or all check boxes):
    • Deployment—When selected, the user or group can perform a full deployment of data from the configuration to a managed server. When not selected, the user or group can't perform a full deployment. Only administrators or users with deployment privilege can deploy data.
      Note: To grant a non-administrative user or group deployment privilege, you must first select Full Access as the default access right.
    • Quick Deployment—When selected, the user or group can instantly deploy changed DNS resource records with the Quick Deploy function. When not selected, the Quick Deploy function doesn't appear for the user or group.
      Note: You don't have to select Deployment to allow the user or group to use the Quick Deploy function.
    • Selective Deployment—When selected, the user or group can perform a selective deployment of data to a managed server using the Address Manager API, and automatically deploy resource records that are added, updated, and deleted within a DNS zone that has the Dynamic Update field selected. When not selected, the user or group can't perform a selective deployment and resource record changes made by the user and group are not automatically deployed within a DNS zone, even if the Dynamic Update field is selected. For more information on selective deployment and how to perform a selective deployment, refer to the "Selective Deployment" section in the Address Manager API Guide. For more information on enabling dynamic updates, refer to Adding DNS zones.
      Note: You don't have to select Deployment to allow the user or group to use the Selective Deployment function
  11. Under Overrides, set the permissions for Address Manager objects: ACLs, Configuration, Deployment Options, Deployment Scheduler, DHCP Zones, Category Groups, GSS kerberos Realms and Principals, IPv4 Objects, IPv6 Objects, MAC Pool Objects, Resource Records, Servers, Tags, TFTP Objects, TSIG Objects, TSIG Keys, Views and Zones. When you select the check box for an item, a drop-down menu appears. Select a permission from the list:
    • Hide—users have no access to the object and objects are hidden from the user.
    • View—users can view objects but can't add, delete, or change objects.
    • Change—users can view and change objects, but can't add or delete objects.
    • Add—users can view, add, and change objects, but can't delete objects.
    • Full Access—users can view, add, change, and delete objects.
      Note: If access override for an IPv4 IP Group is selected when setting access rights on any parent objects of IP group, the override setting will only be applied to IPv4 IP group objects but not to IPv4 addresses under the IP group objects.
  12. Under Change Control, add comments to describe your changes. By default, this step is optional but might be set as a requirement.
  13. Click Update.