9 Replies Latest reply on Mar 13, 2012 12:30 PM by michal.hrncirik

    Limiting IPAM visibility

    hjarriell

      How do I limit an account to only view specific subnets in IPAM?

        • Re: Limiting IPAM visibility
          bshopp

          You cannot currently do this today, this is an open enhancement request.  Currently you can only give a user one of 4 roles which gives them different permissions within IPAM to do things, but they can see everything.

            • Re: Limiting IPAM visibility
              hjarriell

              Bummer,

              We need to be able to limit what departments can see what subnets.  Is there a fast/easy way to generate multiple reports automatically (have a /16 that needs to be broken into /24s and smaller), so we can drop different reports into specific departmental folders?

                • Re: Limiting IPAM visibility
                  macnugetz

                  hjarriell,

                  Have you tried creating custom reports in the Report Writer?  You can use this to create custom reports that meet your specific needs.  You can also convert these reports to web resources in Orion.

                  HTH,

                  Craig

                    • Re: Limiting IPAM visibility
                      hjarriell

                      Yes, I can do that.  But we have a two /16's and a /8's split into many, many /23s through /30s.  With different departments needing to see different networks.  Manually creating individual reports for each network will take an unreasonable amount of of time to complete.

                        • Re: Limiting IPAM visibility
                          macnugetz

                          Understandable.  It would help if you could walk me through the steps of how you would envision being able to accomplish this without having to create each report individually.  This is an interesting idea...

                          -Craig

                            • Re: Limiting IPAM visibility
                              hjarriell

                              Hmmm...

                              Add a check box to a network's, supernet's and group's properties to make available via report.  Then add a reports directory drop down like the account view builder uses.

                              Would also add an option in the settings to apply report settings to all, so that someone could turn them all on or off at once, then could pick specific to turn on or off from that network's properties.

                              Finally, add the option to have the add report toggled on or off by default.

                               

                              It's a little rough, but similar to what's below:

                                • Re: Limiting IPAM visibility
                                  macnugetz

                                  This is fantastic.  Looks like you've been moonlighting as a UI designer.  :-)

                                  Seriously though, this is great feedback.

                                  -Craig

                                    • Re: Limiting IPAM visibility
                                      augustocsm

                                      Imagine the
                                      user who needs the ability to set manually IP Addresses as Used or Reserved, or
                                      even type information about the devices on the IPAM IP table.


                                      It’s not always
                                      you’ll have just one team or one person managing all the IP Addresses in a
                                      large company.


                                      Can you
                                      imagine doing this on 16000 IP addresses or more without delegate the function
                                      to the many branches or department that are part off company? Can you imagine
                                      having several teams accessing all the IP Group folders on IPAM? It’s almost
                                      impossible to consolidate the IP manage without setting permissions to the
                                      folders or the many subnets of a particular branch.


                                      Reports and
                                      its filters might help on some way, but it does not solve the problem as it is
                                      on large environments where you need multiple Admin users.


                                      This is why
                                      I do support this feature request. IPAM needs the give the Administrator users
                                      to set which IP Group Folder can be fully managed by an Orion IPAM User.