Infoblox Platform allows the creation of specific DDI (DNS, DHCP, IPAM) resources within access views. Users who belong to an access view can create DDI objects only when the parent objects already exist in the respective access view.
For instance, if the account admin or user already created a parent CIDR in an access view, users who belong to the access view can select a CIDR in the parent CIDR within the associated access view. When using the next available IP address or subnet, the system will select the next available IP address or subnet within the parent CIDR inside the associated access view. Similarly, only account admin or user can create parent address blocks. Other users can create an address block only if the parent address block is already in the respective access view.
In addition, resources created or linked to a particular access view are also accessible at the default access view level. Consequently, only corporate admins have access to all resources in all subaccess views.
Infoblox Platform supports the following DDI objects to be assigned to access views:
IP spaces
Address blocks
The following DDI objects inherit the assigned access views from their parent objects. Users are not allowed to create these objects within an access view.
Address ranges
Subnets
Fixed addresses
Individual IP reservations/fixed addresses
Only users with the applicable permissions can access and manage child DDI objects within the context of the designated access view. For information about user roles, groups, and access policies, see Managing Role-Based Access Control.
IPAM and DNS objects are currently supported. DHCP objects will be added in a future releases.