...
The appliance applies permissions for DNS resources hierarchically. Permissions to a DNS view apply to all zones and resource records in that view. Permissions for a zone apply to all its subzones and resource records, and resource record permissions apply to those resource records only. To override permissions set at higher level, you must define permissions at a more specific level. To assign permissions, see Applying Permissions and Managing Overlaps.
You can also define permissions for specific DNS objects and Grid member to restrict admins to perform only the specified DNS tasks on the specified member. For more information, see Defining DNS and DHCP Permissions on Grid Members.
The following sections describe the different types of permissions that you can set for DNS resources:
...
| Table of Contents | ||
|---|---|---|
|
Administrative Permissions for DNS Views
...
For information on setting permissions for a view and its zones, see see Applying Permissions and Managing Overlaps.
The following table lists the tasks admins can perform and the required permissions for DNS views.
...
For information on setting permissions for zones and resource records, see see Applying Permissions and Managing Overlaps.
The following table lists the tasks admins can perform and the required permissions for zones.
Table 4.14 DNS Zone Permissions
Tasks |
Administrative Permissions for Resource | Administrative Permissions for Resource | Anchor | bookmark522 | bookmark522 | Anchor | bookmark523 | bookmark523 | Grid Member(s) | Specific DNS View | All DNS Zones anchor | | bookmark524 | bookmark524 | Specific DNS Zone | Resource Records | Shared Record Group | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create, modify, and delete zones, subzones and resource records with assigned members | RW | RW | |||||||||||||||
Create, modify, and delete zones, subzones and resource records without assigned members | RW | ||||||||||||||||
Lock and unlock a zone | RW | ||||||||||||||||
Delete a zone with assigned Grid members | RW | RW | |||||||||||||||
Create, modify, and delete all zones, subzones, and resource records in a specific view | RW | RW | |||||||||||||||
Assign a name server group (member) to a zone | RW | RW | |||||||||||||||
Delete a zone with name server groups assigned | RW | RW | |||||||||||||||
Assign a shared record group to a zone | RW | RW | |||||||||||||||
View zone properties, subzones, and resource records of a specific zone | RO | ||||||||||||||||
Search for zones, subzones, and resource records in a specific DNS view | RO | RO | |||||||||||||||
Copy resource records from one zone to another: Source zone | RO | RO | |||||||||||||||
Copy resource records from one zone to another: Destination Zone | RW | RW |
...
For information on setting permissions for resource records, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for resource records.
...
By default, only superusers can add and edit A, AAAA, shared A, and shared AAAA records with a blank name. Limited-access admin groups can add and edit A, AAAA, shared A, and shared AAAA records with a blank name, only if their administrative permissions are defined. You can grant read/write or deny permission to Adding a blank A/AAAA record for specific admin groups, which applies to all admin roles in the group. You can define global permissions for specific admin groups and roles to allow limited-access users to add and edit blank A, AAAA, shared A, and shared AAAA records, as described in in Defining Global Permissions.
Administrative Permissions for Shared Record Groups
...
For information on setting permissions for shared record groups, see Applying Permissions and Managing Overlaps. The The following table lists the tasks admins can perform and the required permissions for shared record groups.
Table 4.16 Permissions for Shared Record Groups
Tasks |
Administrative Permissions for DNS64 Syn | Administrative Permissions for DNS64 Syn | Anchor | bookmark529 | bookmark529 | All Shared Record Groups | Specific Shared Record Group | Shared Record Type | Specific DNS Zone | Specific Shared Record | |
|---|---|---|---|---|---|---|---|---|---|---|---|
Create, modify, and delete shared record groups | RW | ||||||||||
Modify and delete a shared record group | RW | ||||||||||
View a shared record group | RO | ||||||||||
Create, modify, and delete shared records for a specific type | RW | ||||||||||
View or search for shared records of a specific type | RO | ||||||||||
Create, modify, and delete shared records for a specific type in a specified shared record group | RW | RW | |||||||||
View shared records for a specific type in a specified shared record group only | RO | RO | |||||||||
Create, modify, and delete a shared record | RW | ||||||||||
View a specific shared record | RO | ||||||||||
Assign a shared record group to DNS zones | RW | RW | |||||||||
Change the DNS zones associated with a shared record | RW | RW | |||||||||
Delete zones with a shared record group assigned. Before you delete a shared record group, you must remove all zones associated with it. | RW | RW |
...
For information on setting permissions for synthesis groups, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for synthesis groups.
Table 4.17 Permissions for DNS64 Synthesis Groups
Tasks Anchor | | Administrative Permissions for DNS Resou | Administrative Permissions for DNS Resou | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anchor | Best Practices for Configuring Permissio | Best Practices for Configuring Permissio | ||||||||||||||
| Anchor | bookmark530 | bookmark530 | ||||||||||||||
| Anchor | bookmark531 | bookmark531All Synthesis GroupsSpecific Synthesis Group | Grid | Specific Member | Specific DNS View | |||||||||||
Create, modify, and delete synthesis groups | RW | |||||||||||||||
Modify and delete a specific synthesis group | RW | |||||||||||||||
View a synthesis group | RO | |||||||||||||||
Apply a synthesis group to the Grid | RO | RW | ||||||||||||||
Apply a synthesis group to a member | RO | RW | ||||||||||||||
Apply a synthesis group to a DNS view | RO | RW |
...