You can assign permissions to admin roles which you then assign to admin groups, or you can assign permissions directly to an admin group. The following are permissions you can grant admin groups and roles:
...
Permissions for common tasks, as described in Administrative Permissions for Common Tasks.
Permissions for the Grid and Grid members, as described in Administrative Permission for the Grid.
Permissions for IPAM resources, such as IPv6 networks, as described in Administrative Permissions for IPAM Resources.
Permissions for DNS resources, such as DNS views and A records, as described in Administrative Permissions for DNS Resources.
Permissions for DNS resource with associated IP addresses in networks and ranges, as described in Administrative Permissions for DNS Resources with Associated IP addresses in Networks and Ranges.
Permissions for DHCP resources, such as network views and fixed addresses, as described in Administrative Permissions for DHCP Resources.
Permissions for file distribution services, as described in Administrative Permissions for File Distribution Services.
Permissions for certificate authentication services and CA certificates, as described in Administrative Permissions for Certificate Authentication Services and CA Certificates.
Permissions for object change tracking, as described in Administrative Permissions for Object Change Tracking.
Permissions for GLB and GLB objects, as described in Administrative Permissions for Load Balancers.
Permissions for Cloud objects, as described in Administrative Permissions for Cloud Objects.
...
Permissions (Read/Write, Read-Only, or Deny) | ||
|---|---|---|
Administration Permissions | All Certificate Authentication Services | For more information, see Administrative Permissions for Certificate Authentication Services and CA Certificates. |
All CA Certificates | ||
Object Change Tracking | For more information, see Administrative Permissions for Object Change Tracking. | |
Cloud Permissions | All Tenants | For more information, see Administrative Permissions for Cloud Objects. |
Named ACL Permissions | Named ACL | For more information, see Administrative Permissions for Named ACLs. |
DHCP Permissions | Grid DHCP Properties | For more information, see Administrative Permissions for Common Tasks. |
All Network Views | For more information, see Administrative Permissions for DHCP Resources. | |
All IPV4/IPv6 Networks | For more information, see Administrative Permissions for IPv4 and IPv6 Networks and Shared Networks. | |
All Hosts | For more information, see Administrative Permissions for IPAM Resources. | |
All DHCP Fingerprints | For more information, see Administrative Permissions. | |
All DHCP MAC Filters | For more information , see Administrative Permissions for DHCP Resources. | |
All IPv4/IPv6 DHCP Fixed Addresses/Reservations | For more information, see Administrative Permissions for IPv4 or IPv6 Fixed Addresses and IPv4 Reservations. | |
All IPv4/IPv6 Host Addresses | For more information, see Administrative Permissions for DHCP Resources. | |
All IPv4/IPv6 Ranges | For more information, see Administrative Permissions for IPv4 and IPv6 DHCP Ranges. | |
All IPv4/IPv6 Shared Networks | For more information, see Administrative Permissions for IPv4 and IPv6 Networks and Shared Networks. | |
All IPv4/IPv6 DHCP Templates | For more information, see Administrative Permissions for IPv4 or IPv6 DHCP Templates. | |
All Microsoft Superscopes | For more information, see Administrative Permissions for IPv4 or IPv6 DHCP Templates. | |
All Roaming Hosts | For more information, see Administrative Permissions for Roaming Hosts. | |
DHCP IPv4/IPv6 Lease History | For more information, see Administrative Permissions for the IPv4 and IPv6 DHCP Lease Histories. | |
DNS Permissions Grid | DNS Properties | For more information, see Administrative Permissions for Common Tasks. |
All DNS Views | For more information, see Administrative Permissions for DNS ViewsCommon Tasks. | |
All DNS Zones | For more information, see Administrative Permissions for ZonesCommon Tasks. | |
All Hosts | For more information, see Administrative Permissions for Hosts. | |
All IPV4/IPV6 Host Addresses | For more information, see Administrative Permissions for DNS Resources with Associated IP addresses in Networks and Ranges. | |
All Resource Records (A, AAAA, CAA, CNAME, DNAME, NAPTR, MX, PTR, SRV, TXT, TLSA and Bulkhost) | For more information, see Administrative Permissions for Adding Blank A or AAAA RecordsCommon Tasks. | |
All Shared Record Groups | For more information, see Administrative Permissions for Shared Record GroupsCommon Tasks. | |
All Shared Records (A, AAAA, MX, SRV and TXT) | For more information, see Administrative Permissions for Common Tasks. | |
All Rulesets (BLACK List Rulesets and NXDOMAIN Rulesets) | For more information, see Administrative Permissions for DHCP Resources. | |
All DNS64 Synthesis Groups | For more information, see Administrative Permissions for DNS64 Synthesis Groups. | |
All Response Policy Zones | For more information, seeAdministrative Permissions for Zonesand License Requirements and Admin Permissions. | |
All Response Policy Rules | For more information, seeAdministrative Permissions for Zonesand License Requirements and Admin Permissions. | |
All DTC Objects (LBDN Records, LBDNs, Pools, Servers, Monitors, Certificates, GeoIP and Topologies) | For more information, seeAdministrative Permissions for Zonesand License Requirements and Admin Permissions. | |
Adding a blank A/AAAA record | For more information, see Administrative Permissions for Adding Blank A or AAAA RecordsCommon Tasks. | |
File Distribution Permissions | Grid File Distribution Permissions | For more information, see Administrative Permissions for File Distribution Services. |
Grid Permissions | All Members | For more information, see Administrative Permissions for Common Tasks. |
Network Discovery | For more information, see Administrative Permissions for Discovery. | |
Schedule Tasks | For more information, see Administrative Permissions for Scheduling Tasks. | |
CSV Import | For more information, see Administrative Permissions for Named ACLs. | |
All Microsoft Servers | For more information, see Administrative Permissions for Microsoft Servers. | |
All Dashboard Tasks | For more information, see Administrative Permissions for Dashboard Tasks. | |
All Kerberos keys | For more information, see Configuring GSS-TSIG keys. | |
All Active Directory Domains | For more information, see Managing Active Directory Sites. | |
IPAM Permissions | All Network Views | For more information, see Administrative Permissions for Common Tasks. |
All IPv4 Networks | For more information, see Administrative Permissions for IPv4 and IPv6 Networks and Shared Networks. | |
All IPv6 Networks | For more information, see Administrative Permissions for IPv4 and IPv6 Networks and Shared Networks. | |
All Hosts | For more information, see Administrative Permissionsfor Hosts. | |
All IPv4 Host Addresses | For more information, see Administrative Permissions for DNS Resources with Associated IP addresses in Networks and Ranges. | |
All IPv6 Host Addresses | For more information, see Administrative Permissions for DNS Resources with Associated IP addresses in Networks and Ranges. | |
Port Control | For more information, see Administrative Permissions for Discovery. | |
SAML Permissions | SAML Authentication Services | For more information, see Administrative Permissions for SAML. |
Super Host Permissions | Super Host Permissions | For more information, see About Administrative Permissions for Super Hosts. |
Security Permissions | Grid Security Permissions | For more information, see Administrative Permissions. |
Reporting Permissions | Grid Reporting Permissions | For more information, see Administrative Permissions for Common Tasks. |
Reporting Dashboard | For more information, see Administrative Permissions for Reporting. | |
Reporting Search | For more information, see Administrative Permissions for Reporting. | |
VLAN Permissions | VLAN views, VLAN ranges, and VLAN objects | For more information, see Administrative Permissions for VLAN Management. |
...
When you select multiple objects with more than one object type, you can add permissions to the selected objects as well as to the sub object types that are common among the selected objects. For example, when you select three DNS forward-mapping authoritative zones and two DNS IPv4 reverse-mapping authoritative zones as illustrated in the below figure Multiple Objects with Common Sub Object Types, you can apply permissions to all the five DNS zones as well as to the CNAME, DNAME, and host records in these zones because CNAME, DNAME, and host records are the common sub object types in these zones.
Multiple Objects with Common Sub Object Types
When you select three DNS forward-mapping authoritative zones and two IPv4 reverse-mapping authoritative zones, you can apply object permissions to all the DNS zones as well as the CNAME, DNAME and Host records in these DNS zones.
...
You can click the arrow key next to the resource to view the permission that is being ignored in the overlap.
| Anchor | ||||
|---|---|---|---|---|
|
After you define permissions for an admin group and role, you can do the following:
...
Group/Role: The name of the admin group or role.
Permission Type: The type of permissions. This can be Administration Permissions, Analytics Threat Insight Permissions, Cloud Permissions, Named ACL Permissions, DHCP Permissions, DNS Permissions, File Distribution Permissions, Grid Permissions, IPAM Permissions, Reporting Permissions, or Security Permissions.
Resource: The name of the object. For example, this field displays All Hosts if you have defined permissions for all the hosts in the Grid.
Resource Type: The object type. For example, this can be Host, PTR record, or Shared Network.
Permission: The defined permission for the resource.
...