Document toolboxDocument toolbox

Managing Admin Groups and Admin Roles

Owned by Aliaksei Shautsou (Deactivated)
Last updated: May 16, 2017 by Arkadi_Bourkov
5 min read

After you create an admin group or an admin role, you can view, modify, and delete it.

Modifying Admin Groups and Roles

To modify an admin group:

  1. From the Administration tab, select the Administrators tab -> Groups tab -> admin_group check box, and then click the Edit icon.
  2. The Admin Group editor provides the following tabs from which you can modify data:
  • General: You can modify the following data.
    • Name: Modify the name of the admin group.
    • Comment: Enter useful information about the group, such as location or department.
    • Disable: Select this to retain an inactivated profile for this admin group in the configuration. For example, you may want to define a profile for recently hired administrators who have not yet started work. Then when they do start, you simply need to clear this check box to activate the profile.
    • Allow Access from: To control access to the GUI and API, select one of the following. You can restrict access using a named ACL or define individual ACEs. For information about named ACLs, see Configuring Access Control.

Note: This group-based authentication is applicable for Grid-wide settings only. NIOS authenticates user credentials only after it authenticates the Grid-wide settings.

    • Any: Select this to allow any clients to access the GUI and API. This is selected by default.
    • Named ACL: Select this and click Select Named ACL to select a named ACL that contains only IPv4 and IPv6 addresses and networks. When you select this, the appliance allows GUI and API access for all ACEs in the named ACL. You can click Clear to remove the selected named ACL.
    • Set of ACEs: Select this to configure individual access control entries (ACEs). You can define ACEs for selected admin groups from which users can log in to the application. Click the Add icon and select one of the following from the drop-down list. Depending on the item you select, Grid Manager either adds a row for the selected item or expands the panel so you can specify additional information about the item you are adding.
    • IPv4AddressandIPv6Address: Select this to add an IPv4 address or an IPv6 address. The Type column displays either IPv4 address or IPv6 address based on the item you select from the drop-down list. Click the Value field and enter the IP address. The appliance allows this client to access the GUI and API and restricts others.
    • IPv4NetworkandIPv6Network: Select this to add an IPv4 network or IPv6 network. The Type column displays either IPv4 address or IPv6 address based on the item you select from the drop-down list. Click the Value field and enter the network. The appliance allows this network to access the GUI and API and restricts others.
  • After you have added access control entries, you can do the following:
    • Select the ACEs that you want to consolidate and put into a new named ACL. Click the CreatenewnamedACL icon and enter a name in the ConverttoNamedACL dialog box. The appliance creates a new named ACL and adds it to the NamedACL panel. Note that the ACEs you configure for this operation stay intact.
    • Reorder the list of ACEs using the up and down arrows next to the table.Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.
  • Roles: Modify the data as described in Creating Limited-Access Admin Groups.
  • Extensible Attributes: Add and delete extensible attributes that are associated with the admin group. You can also modify the values of the extensible attributes. For information, see About Extensible Attributes.

   3. Save the configuration and click Restart if it appears at the top of the screen.

Deleting Admin Groups and Roles

You can remove any default or custom admin group as long as it is not your own admin group or the last admin group. You can also delete any default or custom admin role. The appliance puts the deleted roles in the Recycle Bin, if enabled.

Note: You cannot delete the cloud-api-only and splunk-reporting-group admin groups. These admin groups are automatically created when you configure your Grid for Cloud Network Automation and Reporting and Analytics respectively. For information about Cloud Network Automation and Reporting and Analytics, see Deploying Cloud Network Automation and Infoblox Reporting and Analytics.

To delete an admin group:

  1. From the Administration tab, select the Administrators tab -> Groups tab -> admin_group check box, and then click the Delete icon.
  2. In the Delete Confirmation dialog box, click Yes.
    To delete an admin role:
  3. From the Administration tab, select the Administrators tab -> Roles tab -> admin_role check box, and then click the Delete icon.
  4. In the Delete Confirmation dialog box, click Yes.

Viewing Admin Groups

You can view the list of admin groups that are currently in the Grid. To view admin groups, from the Administration tab, select the Administrators tab -> Groups tab.
Grid Manager displays the following information:

  • Name: The name of the admin group.
  • Superuser: Indicates whether the admin accounts that you assign to this group have full authority to view and configure all types of data. The value can be Yes or No.
  • Comment: The information about the admin group.
    You can select the additional fields, Disabled and Site, for display.
    You can also do the following:
  • Sort the data in ascending or descending order by column.
  • Use filters and the Goto function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Goto field and select the object from the possible matches.
  • Create a quick filter to save frequently used filter criteria. For information, see Using Quick Filters.
  • Modify some of the data in the table. Double click a row of data, and either edit the data in the field or select an item from a drop-down list. Note that some fields are read-only. For more information about this feature, see Modifying Data in Tables.
  • Print or export the data.

Viewing Admin Roles

You can view the list of admin roles that are currently in the Grid. To view admin roles, from the Administration tab, select the Administrators tab -> Roles tab.
Grid Manager displays the following information:

  • Name: The name of the admin role.
  • System: Indicates whether the admin role is system defined or not. The value can be Yes or No.
  • Comment: The information about the admin role.

You can select the additional fields, Disabled and Site, for display. You can also do the following:

  • Sort the data in ascending or descending order by column.
  • Use filters and the Goto function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Goto field and select the object from the possible matches.
  • Create a quick filter to save frequently used filter criteria. For information, see Using Quick Filters.
  • Modify some of the data in the table. Double click a row of data, and either edit the data in the field or select an item from a drop-down list. Note that some fields are read-only. For more information about this feature, see Modifying Data in Tables.
  • Print or export the data.

Viewing Admin Group Assignments

After you define permissions for an admin role, you can assign it to multiple admin groups. You can view the list of admin groups to which an admin role is assigned, as follows:

  1. From the Administration tab, select the Administrators tab -> Roles tab -> admin_group check box, and then click the Edit icon.
  2. In the Role editor, select the Admin Groups tab.

Grid Manager displays the list of admin groups to which the role is assigned.