IPAM RBAC

Windows Server 2012 R2 includes role-based access control (RBAC) for IPAM. RBAC allows you to customize how administrative permissions are defined in IPAM. For example, some people are assigned the role of administrator and are able to manage all aspects of IPAM, while other administrators may only be allowed to manage certain network objects. By default, all objects inherit the scope of their parent object. To change the access scope of an object, right-click the object and click Set Access Scope.
RBAC security is divided into three aspects: roles, access scopes, and access policies.
• Roles. A role is a collection of IPAM operations. The roles define the actions an administrator is allowed to perform. Roles are associated with Windows groups and/or users through the use of access policies. There are eight built-in RBAC roles for IPAM. New roles are created and added in the IPAM console, in the ACCESS CONTROL pane.
- The built-in roles for IPAM are:
| Name | Description |
|---|---|
| DNS record administrator | Manages DNS resource records |
| IP address record administrator | Manages IP addresses but not IP address spaces, ranges, blocks, or subnets |
| IPAM administrator | Manages all settings and objects in IPAM |
| IPAM ASM administrator | Completely manages IP addresses |
| IPAM DHCP administrator | Completely manages DHCP servers |
| IPAM DHCP reservations administrator | Manages DHCP reservations |
| IPAM DHCP scope administrator | Manages DHCP scopes |
| IPAM MSM administrator | Completely manages DHCP and DNS servers |
• Access scopes. Access scopes define the objects to which an administrator has access. By default, the Global access scope is created when IPAM is installed, and all administrator-created access scopes are sub-scopes of the Global access scope. Users or groups assigned to the Global access scope can manage all the network objects in IPAM. Access scopes have up to 15 major operations that can be assigned, such as DHCP server operations. These are further defined by multiple related operations, such as Create DHCP scope, that can be assigned individually. This allows for a large customization range for administrative permissions in IPAM. New access scopes are created and added in the IPAM console, in the ACCESS CONTROL pane.
• Access Policies. An access policy combines a role with an access scope to assign RBAC permissions within IPAM. New access policies are created and added in the IPAM console, in the ACCESS CONTROL pane.
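
The following is an added example, not code from this page or from Microsoft: a small Python model of how a role, an access scope and an access policy combine into an effective permission, plus a review helper that lists policies bound to the Global scope. The group names, scope paths, object names and every operation name other than "Create DHCP scope" are constructed, and the rule that a policy on a scope also covers its sub-scopes is an assumption drawn from the description of the Global scope above.

```python
from dataclasses import dataclass

GLOBAL = "\\Global"

# Constructed sample data (not exported from a real IPAM server). Only
# "Create DHCP scope" is named on the page; other operation names are assumed.
ROLES = {
    "IPAM DHCP scope administrator": {"Create DHCP scope", "Edit DHCP scope"},
    "DNS record administrator": {"Create DNS resource record"},
}
# object -> (parent object, explicitly set access scope or None to inherit)
OBJECTS = {
    "dhcp01": (None, GLOBAL + "\\Dublin"),
    "10.1.0.0/24": ("dhcp01", None),
    "dhcp02": (None, None),
    "10.2.0.0/24": ("dhcp02", None),
}

@dataclass(frozen=True)
class AccessPolicy:
    principal: str  # Windows user or group
    role: str       # key into ROLES
    scope: str      # access scope path

POLICIES = [
    AccessPolicy("CONTOSO\\Dublin-DHCP", "IPAM DHCP scope administrator", GLOBAL + "\\Dublin"),
    AccessPolicy("CONTOSO\\DNS-Ops", "DNS record administrator", GLOBAL),
]

def effective_scope(obj, objects=OBJECTS):
    """Follow parent links until an object with an explicit scope is found."""
    while obj is not None:
        parent, scope = objects[obj]
        if scope is not None:
            return scope
        obj = parent
    return GLOBAL  # nothing set anywhere up the chain

def scope_covers(policy_scope, object_scope):
    """Assumption: a policy on a scope also covers its sub-scopes."""
    return object_scope == policy_scope or object_scope.startswith(policy_scope + "\\")

def is_allowed(groups, operation, obj, policies=POLICIES):
    target = effective_scope(obj)
    return any(p.principal in groups and operation in ROLES[p.role]
               and scope_covers(p.scope, target) for p in policies)

def global_scope_policies(policies=POLICIES):
    """Least-privilege review: policies that reach every object in IPAM."""
    return [p for p in policies if p.scope == GLOBAL]
```

In this model the Dublin DHCP group can edit the scope under dhcp01 but not the one under dhcp02, which falls back to the Global scope because nothing in its parent chain sets one.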
