The Cloud Services Portal offers role-based access control, allowing you to manage user access according to roles and permissions. By defining access policies, you can limit service- and resource-related responsibilities to specific user roles and user groups. For example, BloxOne Threat Defense administrator permissions (as defined in the TD Administrator Role) can be restricted to the BloxOne Threat Defense admin user group (ib-td-admin), while read-only access for viewing configurations and reports is permitted for the BloxOne Threat Defense user group (ib-td-user). Similarly, BloxOne DDI administrator permissions (as defined in the DDI Administrator Role) are limited to the BloxOne DDI admin user group (ib-ddi-admin), with read-only access granted to the BloxOne DDI user group (ib-ddi-user) solely for viewing configurations and reports.

To empower administrators to oversee and control a specific part of the overall environment within the organization, you can configure granular permissions by utilizing compartments within your BloxOne account. If your organization’s infrastructure requires divisional teams to manage their own sets of users and resources, you can create compartments and assign access policies to specific user groups. This enables users to access and manage their respective resources within these compartments. By utilizing compartments, your corporate admins retain control over the entire corporate infrastructure, while divisional admins and users can independently manage their designated resources without gaining excessive access to other areas. The compartment feature can therefore effectively limit visibility and control while granting autonomy to relevant users. For more information about compartments, see Configuring Compartments.

This system of role-based access control is primarily focused on service and resource accessibility, which results in granting explicit permissions for users or user groups based on their responsibilities within your organization related to viewing, starting and stopping services, or configuring tasks and features.

The Cloud Services Portal provides several default user roles, user groups, and access policies as a quick-start configuration, so you can quickly assign new users to user group(s) for them to gain access to relevant services and tasks. All default user groups are predefined in quick-start access policies that grant access to specific services and authorize specific users to a set of permissions, so they can perform specific responsibilities based on their roles. For example, the predefined Access Control Administrators Policy applies the Access Control Administrators Role to the access control admin user group (ib-access-control-admin), which grants all users in the ib-access-control-admin group permissions to view and configure licenses, users, user groups, and access policies. The Cloud Services Portal offers a few other access policies based on your license entitlements. You can use these quick-start configurations to quickly onboard your new users by placing them in their respective user groups, so they can gain access to the services to perform corresponding tasks. For more information, see Configuring Access Policies.

To set up role-based access control, use the following workflow to complete the tasks:

  1. Create new users and assign them to their respective user group(s) based on their respective roles and responsibilities within your organization. All users must belong to at least one user group. For more information, see Configuring Users.

  2. Review the default user groups and create additional groups (if needed) based on your business requirements and user responsibilities. For more information, see Configuring User Groups.

  3. Optionally, create compartments in your BloxOne account to address granular access control for divisional teams. For information, see Configuring Compartments. This feature is available only for users participating in the Early Access Program (EAP). For information about the EAP, visit Infoblox Early Access Program.

  4. Review the default access policies and create additional access policies (if needed) by applying user roles to respective user groups. Note that an access policy grants all users in a user group a set of permissions defined in the user role, so the users can access the services and perform the tasks associated with the selected user role. For more information, see Configuring Access Policies.

  5. Create new user roles if the predefined ones do not fit your organization's needs. For more information, see Creating Roles.
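
After completing the workflow, it is worth checking that the resulting users, groups and policies grant what you intended. The following is an added example, not Infoblox code or its API: it models an access policy as a user role applied to a user group, resolves each user's effective permissions, and flags users with no group, groups that no policy covers, and viewer groups that received an administrator role. The role and group names come from this page; the permission strings, the read-only role name, the users and the `ib-branch-ops` group are constructed for illustration.

```python
# Constructed model, not Infoblox's API. Role and group names come from the page;
# the permission strings and the read-only role name are hypothetical.
ROLES = {
    "TD Administrator Role": {"td:view", "td:configure"},
    "DDI Administrator Role": {"ddi:view", "ddi:configure"},
    "TD Read-Only (hypothetical)": {"td:view"},
}
# An access policy applies one user role to one user group.
POLICIES = [
    ("TD Administrator Role", "ib-td-admin"),
    ("TD Read-Only (hypothetical)", "ib-td-user"),
    ("DDI Administrator Role", "ib-ddi-admin"),
    ("DDI Administrator Role", "ib-ddi-user"),  # constructed mistake: admin role on a viewer group
]
USERS = {  # constructed users and their group memberships
    "alice": ["ib-td-admin"],
    "bob": ["ib-td-user", "ib-ddi-user"],
    "carol": [],
    "dave": ["ib-branch-ops"],
}

def effective_permissions(user, users=USERS, policies=POLICIES, roles=ROLES):
    """Union of the permissions of every role applied to any of the user's groups."""
    groups = set(users[user])
    perms = set()
    for role, group in policies:
        if group in groups:
            perms |= roles[role]
    return perms

def audit(users=USERS, policies=POLICIES, roles=ROLES):
    """Return (finding, subject) pairs for the gaps the workflow is meant to prevent."""
    findings = []
    governed = {group for _, group in policies}
    for user, groups in sorted(users.items()):
        if not groups:  # step 1: every user must belong to at least one group
            findings.append(("no-group", user))
        for group in groups:
            if group not in governed:  # membership that grants nothing (step 4 missed)
                findings.append(("group-without-policy", f"{user}:{group}"))
    for role, group in policies:
        # Assumption: groups named ib-*-user are meant to be view-only.
        grants_write = any(not p.endswith(":view") for p in roles[role])
        if group.endswith("-user") and grants_write:
            findings.append(("viewer-group-can-configure", f"{group} <- {role}"))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep=": ")
```

Because permissions are the union across all of a user's groups, one misapplied policy is enough to give every member of a viewer group configure rights, which is why the audit checks policies and not only individual users.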

...