Infoblox: Groups and Permissions
All permissions in the Infoblox system are assigned to groups and not to individual accounts. While we can not assign permissions to individual records, we can assign read/write permissions to:
- IPAM network object (subnet)
- Domain (ex. domain.utexas.edu)
- in-addr.arpa domain which is the DNS representation of a subnet (contains PTR records)
One group may have permission to edit multiple objects.
Multiple groups may have the ability to edit the same objects.
CAVEATS
If you are a member of multiple groups that have been configured in Infoblox, this can cause uncertainty as to what permissions you'll have when you login.
For example:
You're a member of group A with permissions to objects:
adomain1
adomain2
adomain3
and a member of group B with permissions to objects:
bdomain1
bdomain2
bdomain3
Depending on the ONE GROUP THAT'S NOTED when you login, you will EITHER be able to edit objects adomain1-adomain3 OR bdomain1-bdomain3 but not both.
In order to be certain of the permissions you will be assigned, you can be a member of ONLY one group that's configured in Infoblox AND SUCCESSFULLY be assigned the permissions assigned to that one group.
NOTE: This only affects groups that have been added to the Infoblox system. If you're a member of multiple groups in AD and these groups have not been added to Infoblox then permissions will be unaffected.