Related
Recommended

IPAM User Delegation - A Quick Glance

mark_wiggans
2 minute read time

In larger organizations, it is very common for different people to have responsibilities to manage different blocks of subnet address spaces for their respective departments/divisions/regions. SolarWinds IPAM provides the ability for your IP Address Management tasks to be divided up amongst different people/groups, such as functional groups, geographic regions, virtual server teams, and critical staff.

Perhaps you want to allow your desktop team to have visibility of ip scopes for a particular office floor of vlan's, but without views secure into web infrastructure networks. Beginning with version 3.0, IPAM enables the definition of user access roles based on subnet, group or supernet basis.

Specify which users have what level of permissions (read/write) to certain address spaces (Group, Supernet, or Subnet). It is important to note that if subnets are moved that create hierarchy changes, the inherited roles will be inherited from the new parent.

Any existing customized roles will not be changed or inherited.

When deciding which roles will work best in your environment, determine what is the user really needs access to on a daily basis. The following IPAM user roles are available:

pastedImage_0.png 

Read/write access and can initiate scans to all subnets, manage credentials, custom fields, and IPAM settings and full access to DHCP management & DNS monitoring.

pastedImage_1.png

Power Users can reorganize network components in the left pane of the Manage Subnets and IP Addresses view and full access to DHCP management & DNS monitoring. This role also includes the ability to edit properties and custom fields on portions of the network made available by the site administrator.

pastedImage_3.png

The Operator role has read-only access to DHCP Scope, Servers, Reservations, and DNS Servers, Zones, and Records.

These users can also add and delete IP address ranges from portions of the network made available by the site administrator. They can also change the subnet status selection on the Manage Subnets and IP Addresses page. Manage IP address property and custom fields, and edit IP address properties on portions of the network made available by the site administrator.

pastedImage_4.png

This role will have Read only access to to all subnets and DHCP Servers, Scopes, Leases, Reservations and DNS Servers, Zones, Records.


pastedImage_5.png

This role is defined on a per subnet basis. DHCP and DNS access will depend upon the Global account setting for those nodes.

In a nutshell - after selecting Custom, click Edit to define what the user can and cannot see.


pastedImage_6.png

Next you select the desired subnet and define which role this user will have.


pastedImage_8.png

Make note of the inherited column on the far right to determine the correct inheritance is being applied.

pastedImage_9.png

The following is a good example of the differences a user with a custom role can or cannot see.

  pastedImage_10.png

If you are interested in detailed steps for setting up IPAM user delegation see this post.

Below is an overview of the all the role operations.The color coded legend is as follows:

pastedImage_0.png

The following table below details the various operations that each role can have.

111b.png

pastedImage_0.png

Thwack - Symbolize TM, R, and C

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.