Occasionally network design changes and we want to stop using certain subnets. The subnet may remain as a legacy segment but we want no new allocations. I tried using custom roles but the way permissions work today you have to start with the lowest permission (read only) and then added higher permission for all the other networks to restore assignment access. Tedious and likely fragile, what happens with new subnets.
Requirement:
Prevent new assignments in a specified subnet. Thinking we would still want to allow people to release addresses - that would be more complicated so perhaps just locking out all changes would be acceptable.
Usage scenario
Browse to subnet via IPAM Manager
Open subnet for editing
Select lock mechanism
Save change.
Maybe this should apply to Operator and down only. That way admins could still do changes - but then admins could temporarily remove the lock, make a change, re lock.
Tactical what we are doing in some cases is reserving all the available addresses and putting in a comment explaining the subnet is not open for new assignments.
