Supported Objects for Access Views

Infoblox Platform allows the creation of specific DDI (DNS, DHCP, IPAM) resources within access views. Users who belong to an access view can create DDI objects only when the parent objects already exist in the respective access view.

For instance, if the account admin or user already created a parent CIDR in an access view, users who belong to the access view can select a CIDR in the parent CIDR within the associated access view. When using the next available IP address or subnet, the system will select the next available IP address or subnet within the parent CIDR inside the associated access view. Similarly, only account admin or user can create parent address blocks. Other users can create an address block only if the parent address block is already in the respective access view.

In addition, resources created or linked to a particular access view are also accessible at the default access view level. Consequently, only corporate admins have access to all resources in all subaccess views.

Infoblox Platform supports the following DDI objects to be assigned to access views:

IP spaces
Address blocks
DNS Views
DNS Zones

The following DDI objects inherit the assigned access views from their parent objects. You can create the following objects, but cannot explicitly assign them to an Access View:

Address ranges
Subnets
Fixed addresses
Individual IP reservations/fixed addresses

Assigning of DHCP objects to Access Views is not supported. However, you can edit the objects within an access view. The DHCP objects inherit the assigned access view from their parent objects. You can edit option filters, hardware filters, and clear leases if you have the appropriate DHCP role. For more information, see Setting up Access Control for Access Views.

Only users with the applicable permissions can access and manage child DDI objects within the context of the designated access view. For information about user roles, groups, and access policies, see Managing Role-Based Access Control.