An access view is a logical container in which certain DDI (DNS, DHCP, IPAM) resources reside. Infoblox Platform supports the assignment of certain resources to access views. For a list of supported resources, see Supported Objects for Access Views. It is essential for resources to be associated with a specific access view, so you can facilitate tailored user access. For information about how to set up access control for divisional admins and users, see Setting up User Access for Access Views.

In Infoblox Portal, the Infoblox account serves as the default access view for all resources. Sub–access view are offsprings of the default access view, and they offer a hierarchical structure within the Infoblox default account, as illustrated in the following diagram. Corporate admins with read/write permissions can create sub–access views under the default access view, but they cannot create sub–access views within sub–access views. With applicable permissions, divisional admins can add supported resources directly at the sub–access view level.

Open

Managing Resources in Sub–Access Views

Corporate admins can add any resources to the default access view while divisional admins can add only resources within the sub–access views to which they belong, based on the configured access policies.

If an access view is assigned to an IP space, all the objects contained in this particular IP space will belong to the same access view. For information about IP spaces, see Configuring IP Spaces.

As illustrated in the following diagrams, the corporate admin adds the address block 10.0.0.0/8 to the default access view and allocates 10.10.0.0/16 to sub–access view Engineering, 10.20.0.0/16 to sub–access view Marketing, and 10.30.0.0/16 to sub–access view Finance respectively based on business requirements. Divisional admins, assigned to their respective sub–access views, can then manage the allocated address block within the context of their sub–access views. They are not allowed to view or manage any resources that are outside of their sub–access view.

Open

If a divisional admin needs to add a resource that is outside of their sub–access view, the corporate admin must first add the resource to the default access view, and then allocate the resource to the respective sub–access view. Users who log in to the sub–access view can then view and manage the resources within their sub–access view, based on the configured access policies. For more information, see Setting Up User Access for Sub-Access Views.