Custom roles in IPAM

Hi all,

I am currently testing the IPAM.

I configured a few user accounts "customerA, customerB,..." and a few folders with customer names including subnets they own.

I am trying to configure roles for the customer users so they are able to see only their folders with their subnets. I restricted access to some folders by setting the role for those groups to hide with the "Hide" option.

The problem is that when the user logs on, they can still see those other groups. They are greyed out but are still expandable.

Is there a way of really hiding those other groups so that when the user logs onto IPAM, the only folders they see are the ones I've given them access to ?

I had a look on the forum, found some posts of 2012 and 2013 mentioning the same problem. It seems the feature request # 180896 were created in 2012, so is there some improvment ?

If still not possible, is there a workaround or a way to create a custom page for each user on which they could see only the subnets they own ?

Thanks

Find more posts tagged with

roles

permissioned_access

ipam feature

Accepted answers

All comments

janssend

I have been looking for this as well. Afaik there is currently no option to hide the structure completely. Seems like "hide" in this sentence means, that users are not able to see supernets/subnets nor ip addresses. And if we do not name the groups by the subnets they contain, there should not a big leek of information to other users.

FormerMember

Yes that is true. In our case we are managing many customers and we do not want that a customer can see the other customers we have. How would you name the groups that a customer does not see other customers or subnets ?

janssend

Well, I think this depends on how you organize your IPAM. In our case, we organized the structure by region->departement[->supernet]->subnet. So users from region A are still able to see which other regions B, C, D, ... there are and which departements they handle, but they can not see which supernets/subnets are assigned there. In case you structure your IPAM by customers, you may use an alias or abbreviation to name the groups.

vikkyg86

hello mate,

we have a similar scenario except instead of users we have security groups with multiple users in it. I was wondering if you used the custom roles (and power user) in each of those users to manage the visibility. If so were you able to perform discovery scans of subnets, import\export function?