...
You can grant an admin group broad permissions to DHCP resources, such as read/write permission to all IPv4 or IPv6 networks and shared networks in the database. In addition, you can grant permission to specific resources, such as a specific IPv4 or IPv6 network or DHCP range, or an individual address in an IPv4 or IPv6 network. Permissions at more specific levels override global permissions.
You can also define permissions for specific DHCP objects and Grid member to restrict admins to perform only the specified DHCP tasks on the specified member. For more information, see Defining DNS and DHCP Permissions on Grid Members.
The following sections describe the different types of permissions that you can set for DHCP resources:
...
| Table of Contents | ||
|---|---|---|
|
Administrative Permissions for
...
Administrative Permissions for Network Views
Limited-access admin groups can access network views, including the default network view, only if they have read-only or read/write permission to a specific network view or to all network views. Permissions granted to a network view apply to all its IPv4 and IPv6 networks, shared networks, DHCP ranges and fixed addresses.
You can grant admin groups read-only or read/write permission, or deny access to network views as follows:
...
Note that you can grant an admin group read-only or read/write permission to specific IPv4 or IPv6 networks in a network view, without granting them permission to that network view. For information, see Permissions see the Administrative Permissions for IPv4 and IPv6 Networks and Shared Networks section.
For information on how to define permissions for network views, see Applying Permissions and Managing Overlaps.
The following table lists the tasks admins can perform and the required permissions for network views.:
Table 4.18 Network View Permissions
Tasks | All DNS Views | Specific DNS View | All Network Views | Specific Network View | All IPv4 or IPv6 Networks | All IPv4 or IPv6 Shared Networks |
|---|---|---|---|---|---|---|
Create and delete network views and their associated DNS views | RW | RW | ||||
Create and delete a network view and its associated DNS views | RW | RW | ||||
Create, modify, and delete IPv4 and IPv6 networks and shared networks in all network views | RW | |||||
Create, modify, and delete IPv4 and IPv6 networks and shared networks in a network view | RW | |||||
View the properties of all network views | RO | |||||
View network statistics of all network views | RO | |||||
View and search for all IPv4 and IPv6 networks and shared networks | RO | |||||
View the properties of a network view | RO | |||||
View and search for IPv4 and IPv6 networks and shared networks in a network view | RO | |||||
Expand and join IPv4 and IPv6 networks | RW | |||||
Expand and join IPv4 and IPv6 networks in a specific network view | RW | |||||
Create, modify, and delete IPv4 and IPv6 networks, DHCP ranges and fixed addresses in a specific network view | RW | |||||
View network statistics and properties of all networks in a network view | RO | |||||
Search for IPv4 and IPv6 networks in a network view | RO | |||||
Create, modify, and delete all IPv4 or IPv6 shared networks | RW | |||||
View the properties of all IPv4 or IPv6 shared networks | RO | |||||
View and search for IPv4 and IPv6 shared networks in a network view | RO | |||||
Restart services from the DHCP tab | RO | RW |
...
To define permissions for a specific IPv4 or IPv6 network and its DHCP ranges and fixed addresses, see see Applying Permissions and Managing Overlaps.
The following table lists the tasks admins can perform and the required permissions for IPv4 and IPv6 networks.:
Table 4.19 Network Permissions
Tasks |
bookmark547 | bookmark547 | Anchor | bookmark548 | bookmark548 | Grid Member(s) | All IPv4 or IPv6 Networks | Specific IPv4 or IPv6 Network | All IPv4 or IPv6 Shared Networks | Specific DNS Zone | All IPv4 or IPv6 DHCP Ranges | All IPv4 or IPv6 Fixed Addresses | IPv4 or IPv6 Network Template | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create, modify, and delete IPv4 or IPv6 networks, DHCP ranges, and fixed addresses without assigned Grid members | RW | |||||||||||||
Create, modify, and delete IPv4 or IPv6 networks, DHCP ranges, and fixed addresses with assigned Grid members | RW | RW | ||||||||||||
Assign a Grid member to a specific IPv4 or IPv6 network and its DHCP ranges | RW | RW | ||||||||||||
Expand and join IPv4 or IPv6 networks | RW | |||||||||||||
Create IPv4 or IPv6 networks from templates | RW | RO | ||||||||||||
Create, modify, and delete an IPv4 or IPv6 network | RW | |||||||||||||
View IPv4 or IPv6 network properties and statistics, and search for DHCP ranges and fixed addresses in a specific network | RO | |||||||||||||
Create, modify, and delete IPv4 or IPv6 DHCP ranges and fixed addresses in a specific network | RW | |||||||||||||
Create and split an IPv4 or IPv6 network and automatically create a reverse DNS zone | RW | RW | ||||||||||||
Create, modify, and delete IPv4 or IPv6 shared networks | RW | |||||||||||||
View IPv4 or IPv6 shared networks | RO | |||||||||||||
Create, modify, and delete IPv4 or IPv6 DHCP ranges with an assigned member in a specific network | RW | RW | ||||||||||||
Create, modify, and delete IPv4 or IPv6 DHCP ranges | RW | |||||||||||||
View and search for IPv4 or IPv6 DHCP ranges in a specific network | RO | |||||||||||||
Create, modify, and delete IPv4 or IPv6 fixed addresses | RW | |||||||||||||
View and search for IPv4 or IPv6 fixed addresses in a specific network | RO |
...
For information on setting permissions for fixed addresses, see Applying Permissions and Managing Overlaps.
The following table lists the tasks admins can perform and the required permissions for IPv4 and IPv6 fixed addresses.
Table 4.20 Permissions for Fixed Addresses/Reservations
...
For information about setting permissions for DHCP enabled host addresses, see Applying Permissions and Managing Overlaps.
The following table lists tasks that admins can perform and the required permissions for IPv4 and IPv6 DHCP enabled host addresses.
Table 4.21 Permissions for DHCP Enabled Host Addresses
...
host addresses:
Permissions for DHCP Enabled Host Addresses
Tasks | Specific IPv4 or IPv6 Network | All IPv4 or IPv6 DHCP enabled host Addresses |
|---|---|---|
Create, modify, and delete IPv4 or IPv6 DHCP enabled host addresses in a specified network | RW | |
Modify and delete a specific IPv4 or IPv6 DHCP enabled host address | RW | |
View and search for all IPv4 or IPv6 DHCP enabled host addresses | RO | |
View and search for IPv4 or IPv6 DHCP enabled host addresses in a specified network | RO |
...
For information on setting permissions for DHCP ranges, see Applying Permissions and Managing Overlaps. The following table lists the tasks admin can perform and the required permissions for DHCP ranges.:
Table 4.22 DHCP Ranges
Tasks anchor | | Administrative Permissions for IPv4 or I | Administrative Permissions for IPv4 or I | Anchor | bookmark552 | bookmark552 | Anchor | bookmark553 | bookmark553 | Anchor | bookmark554 | bookmark554 | Grid Member(s) | Specific IPv4 or IPv6 Network | All DHCP IPv4 or IPv6 Ranges | Specific IPv4 or IPv6 DHCP Range | MAC Address Filter |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create, modify, and delete IPv4 or IPv6 DHCP ranges with an assigned member or a failover association | RW | RW | ||||||||||||||
Create, modify, and delete IPv4 or IPv6 DHCP ranges in a network with assigned members | RW | RW | ||||||||||||||
Modify and delete an IPv4 or IPv6 DHCP range with an assigned member | RW | RW | ||||||||||||||
View and search for all IPv4 or IPv6 DHCP ranges with an assigned member | RO | RO | ||||||||||||||
View and search for IPv4 or IPv6 DHCP ranges in a network with assigned members | RO | RO | ||||||||||||||
View and search for an IPv4 or IPv6 DHCP range with an assigned member | RO | RO | ||||||||||||||
View and search for an IPv4 or IPv6 DHCP range without an assigned member | RO | |||||||||||||||
Apply relay agent and option filters to an IPv4 DHCP range | RW | |||||||||||||||
Apply a MAC address filter to an IPv4 DHCP range | RW | RO |
...
There are three types of DHCP templates for IPv4 and IPv6 objects—network, DHCP range, and fixed address/reservation templates. To access any of these templates, a limited-access admin group must have read-only permission to the template. Limited-access admin groups cannot have read/write permission to the templates. Only superusers can create, modify and delete network, DHCP range, and fixed address templates. An admin group with read-only permission to the DHCP templates can view them and use them to create networks, DHCP ranges and fixed addresses, as long as they have read/write permissions to those DHCP resources as well.
You can set global read-only permission that applies to all DHCP templates, and you can set permissions to specific templates as well.
For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for DHCP templates.Table 4.23 :
Permissions for DHCP Templates
...
Table 4.24 Permissions for Roaming Hosts
Tasks Anchor | | | Administrative Permissions for MAC Addre | Anchor | bookmark557 | bookmark557 | Grid DHCP Properties | Specific IPv4 or IPv6 Roaming Host | All Roaming Host |
|---|---|---|---|---|---|---|---|---|
Enable roaming hosts | RW | |||||||
View roaming host | RO | RO | RO | |||||
Create, modify, and delete roaming hosts | RO | RW | ||||||
Modify and delete roaming host | RO | RW |
...
For information on setting permissions, see Applying Permissions and Managing Overlaps. The following table lists the tasks admins can perform and the required permissions for MAC address filters.:
Table 4.25
Permissions for MAC Filters
Tasks Anchor | | Administrative Permissions for the IPv4 | Administrative Permissions for the IPv4 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anchor | bookmark558 | bookmark558 | ||||||||||||
| Anchor | bookmark559 | bookmark559 | ||||||||||||
| Anchor | bookmark560 | bookmark560All MAC Address Filters | Specific MAC Address Filter | Specific IPv4 DHCP Ranges | ||||||||||
Create, modify, and delete MAC address filters | RW | |||||||||||||
Create, modify, and delete MAC address entries for a MAC address filter | RW | |||||||||||||
Modify and delete a MAC address filter | RW | |||||||||||||
Apply a MAC address filter to an IPv4 DHCP range | RO | RW | ||||||||||||
Delete a MAC address filter from an IPv4 DHCP range | RO | RW | ||||||||||||
View MAC address filters and their MAC address entries | RO | |||||||||||||
View a MAC address filter and its MAC address entries | RO |
...