Limited-access admin groups can access certain IPAM resources only if their administrative permissions are defined. By default, the appliance denies access when a limited-access admin group does not have defined permissions. You can grant admin groups read-only or read/write permission, or deny access to the following IPAM resources:

• IPv4 networks
• IPv6 networks

The appliance applies permissions for IPAM resources hierarchically. You can also grant an admin group broad permissions to IPAM resources, such as Read/Write permission to all IPv4 networks and IPv6 networks in the database. Permissions at more specific levels override global permissions.

Administrative Permissions for IPv4 and IPv6 Networks

Limited-access admin groups can access IPv4 and IPv6 networks only if their administrative permissions are defined. You can grant Read-only or Read/Write permission, or deny access to networks.
Notes that on the Master Grid, if you want to perform certain tasks on a synchronized network, you must have permissions to both the managed Grid to which the network belongs and to the network itself. For example, to view a synchronized network, you must have at least a Ready-only permission to the managed Grid and Read-only permission to the network. If you want to modify a synchronized network, you must have Read/Write permission to both the managed Grid and the network.
The following table lists the tasks admins can perform and the required permissions for synchronized IPv4 and IPv6 networks on the Master Grid.

Table 4.9 Network Permissions