
To set up user access using access views, it is important to have a clear understanding of your organizational needs and plan accordingly. For effective management of user access at the level of a sub–access view, set up access policies that define specific user roles, user groups, and access views, based on your business needs.

You can begin by determining and creating sub–access views under the default sub–access view based on divisions, departments, or functions. Then, define access policies for access views by assigning relevant user roles and user groups to the access views. You may need to create both the "admin" and "user" roles for a particular division if you have different requirements for different users.

For example, if user group A requires administrative privileges for services X and Y within an access view but only needs read-only access to service Z, you can adjust access policies by assigning two distinct roles tailored specifically for the access view. In other words, you can create Role Admin with full admin permissions and Role User for read-only access. For more information about how to set up access policies, see Configuring Access Policies.

Considerations When Using Access Views

Before setting up user access and allocating resources for access views, consider the following:

  • All users log in to Infoblox Portal at the default access view level (Infoblox account level), regardless of whether sub–access views are available within the account or not.

  • Users who log in to Infoblox Portal and do not have access views configured can view resources and perform operations at the default access view level according to the defined access policies.

  • Users who log in to Infoblox Portal, have access views configured, and switch to an access view can view and manage only the resources that belong to that access view.

  • A user is part of an access view only if the user group to which the user belongs has an access policy defined for the respective access view.

  • All user access policies are defined at the default access view level. You cannot define users, roles, or access policies at the sub–access view level.

  • When a user selects an access view, they can view only the resources that are associated with the respective access view. Infoblox Portal does not support accessing or viewing cross-access view resources by sub–access view users.

  • Only corporate admins or default access view users can view and manage objects in all the sub–access views. Non-default access view users cannot view or manage objects that fall outside the access views that they have permission to access.

Setting Up Access Views

To set up access views for access control, do the following:

  1. Create a new access view within the default access view. For information, see Creating Access Views.

  2. Create a user group that contains all the applicable users for the access view. For information, see Creating User Groups.

  3. Define an access policy, and then associate the policy with a user role, user group, and access view. For information, see Creating Access Policies.
    Currently, we support access views only for the following roles: DDI IPAM Manager, DDI IPAM Operator, DDI IPAM Auditor, DDI IPAM User, DDI_DNS_Auditor_Role, DDI_DNS_Manager_Role, DDI_DNS_Operator_Role, DDI_DNS_User_Role. Other user roles will be supported in future releases.

  4. Create a user and assign a user group to the user. For information, see Configuring Users.

  5. Optionally, create an IP space and assign it to the access view. For information, see Creating IP Spaces.

  6. Optionally, create address blocks within the assigned access view. For information, see Creating Address Blocks.

  7. Allow approximately 10 minutes for the changes to propagate through the system. The access view will not be available immediately.

  • Users who log in to Infoblox Portal without being assigned to an access view are able to view resources and perform operations at the default access view level, based on the defined access policy.

  • Users who switch to an access view (from the list of available access views) are able to access only resources that belong to the respective access view, based on the access policy assigned.
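The following added example (not part of the Infoblox documentation and not Infoblox code) checks a planned set of user groups and access policies against the rules above before anything is created in Infoblox Portal. It is an offline model that calls no Infoblox API; the data layout, the function name check_plan, and all sample users, groups, and views are assumptions constructed for illustration.

```python
# Offline planning check; data layout and sample names are constructed.
DEFAULT_VIEW = "default"

# Roles this page lists as currently supported for access views.
SUPPORTED_ROLES = {
    "DDI IPAM Manager", "DDI IPAM Operator", "DDI IPAM Auditor", "DDI IPAM User",
    "DDI_DNS_Auditor_Role", "DDI_DNS_Manager_Role",
    "DDI_DNS_Operator_Role", "DDI_DNS_User_Role",
}

def check_plan(users, policies, views):
    """users: {user: [group, ...]}; policies: [(role, group, view), ...];
    views: set of planned sub-access view names.
    Returns (membership per user, list of findings)."""
    findings, valid = [], []
    for role, group, view in policies:
        if view == DEFAULT_VIEW:
            continue  # default-level policies are outside this check
        if view not in views:
            findings.append(f"policy for {group}: unknown access view {view}")
        elif role not in SUPPORTED_ROLES:
            findings.append(f"policy for {group}: role {role} not supported for access views")
        else:
            valid.append((group, view))
    # A user is part of an access view only through a policy on one of their groups.
    membership = {user: sorted({v for g, v in valid if g in groups})
                  for user, groups in users.items()}
    for user, member_of in membership.items():
        if not member_of:
            findings.append(f"user {user}: no access view, works at default level only")
    for view in sorted(views):
        if not any(v == view for _, v in valid):
            findings.append(f"access view {view}: no user group has a policy for it")
    return membership, findings

# Constructed sample plan.
SAMPLE_USERS = {"alice": ["emea-ipam-admins"], "bob": ["emea-dns-readers"], "carol": []}
SAMPLE_VIEWS = {"EMEA", "APAC"}
SAMPLE_POLICIES = [
    ("DDI IPAM Manager", "emea-ipam-admins", "EMEA"),
    ("DDI_DNS_User_Role", "emea-dns-readers", "EMEA"),
    ("Example Unsupported Role", "emea-dns-readers", "APAC"),  # deliberately invalid
]

if __name__ == "__main__":
    members, problems = check_plan(SAMPLE_USERS, SAMPLE_POLICIES, SAMPLE_VIEWS)
    for user, member_of in members.items():
        print(user, "->", member_of or [DEFAULT_VIEW])
    for problem in problems:
        print("FINDING:", problem)
```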
