permission : Permissions object.

Limited-access admin groups can access certain DHCP resources only if their administrative permissions are defined. By default, the appliance denies access when a limited-access admin group does not have defined permissions. You can grant admin groups read-only or read/write permission, or deny access by using this object.

Note

Only supported resource_type and object combinations are allowed. Refer to the Infoblox NIOS Administrator Guide for more information.

For example, the following resource types are not supported when creating a global permission:

  • FILE_DIST_DIRECTORY
  • FIXED_ADDRESS_TEMPLATE
  • IPV6_NETWORK_CONTAINER
  • IPV6_FIXED_ADDRESS_TEMPLATE
  • IPV6_NETWORK_TEMPLATE
  • IPV6_RANGE_TEMPLATE
  • MEMBER_AAA_PROPERTIES
  • MEMBER_DHCP_PROPERTIES
  • MEMBER_DNS_PROPERTIES
  • MEMBER_FILE_DIST_PROPERTIES
  • MEMBER_SECURITY_PROPERTIES
  • NETWORK_CONTAINER
  • NETWORK_TEMPLATE
  • RANGE_TEMPLATE
  • RESTART_SERVICE
  • SUB_GRID_NETWORK_VIEW_PARENT

Examples

To create an object permission for a specific zone, send the reference in the object field:
  {"group": "1", "permission": "READ", "object": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmF6:az/default"}

To create a global permission for all IPv6 Network objects, send IPV6_NETWORK in the resource_type field:
  {"group": "1", "permission": "READ", "resource_type": "IPV6_NETWORK"}

To create a permission for all IPv4 DHCP ranges inside a specific network container, send the reference in the object field and RANGE in the resource_type field:
  {"group": "1", "permission": "READ", "object": "networkcontainer/ZG5zLm5ldHdvcmtfY29Iui4yMC4wLzI0LzA:2.2.20.0/24/default", "resource_type": "RANGE"}

Object Reference

References to permission are object references. The name part of a permission object reference has the following components:

  • Group name
  • Permission

Example: permission:cname/ZG5zLmJpbmRfY25h:group1/WRITE

Restrictions

The object does not support the following operations:

The object cannot be managed on Cloud Platform members.

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.

The basic version of the object contains the field(s): group, permission, resource_type, role.

The following fields are required to create this object:

Field          Notes
group          One of group or role is required.
object         At least one of object or resource_type is required.
permission
resource_type  At least one of object or resource_type is required.
role           One of group or role is required.
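
The creation rules above, together with the list of resource types that cannot be used in a global permission, can be checked on the client before a payload is sent. The following Python is an added example, not part of the Infoblox documentation or Infoblox code; the function names check_permission_payload and scope are hypothetical, and reading "one of group or role" as exactly one is an assumption.

```python
# Added example: client-side check of a permission create payload against
# the rules stated on this page. Not Infoblox code.

VALID_PERMISSIONS = {"DENY", "READ", "WRITE"}

# Resource types the page lists as unsupported for a global permission
# (a payload with resource_type but no object).
NOT_GLOBAL = {
    "FILE_DIST_DIRECTORY", "FIXED_ADDRESS_TEMPLATE", "IPV6_NETWORK_CONTAINER",
    "IPV6_FIXED_ADDRESS_TEMPLATE", "IPV6_NETWORK_TEMPLATE",
    "IPV6_RANGE_TEMPLATE", "MEMBER_AAA_PROPERTIES", "MEMBER_DHCP_PROPERTIES",
    "MEMBER_DNS_PROPERTIES", "MEMBER_FILE_DIST_PROPERTIES",
    "MEMBER_SECURITY_PROPERTIES", "NETWORK_CONTAINER", "NETWORK_TEMPLATE",
    "RANGE_TEMPLATE", "RESTART_SERVICE", "SUB_GRID_NETWORK_VIEW_PARENT",
}


def check_permission_payload(payload):
    """Return a list of rule violations; an empty list means the payload passes."""
    errors = []
    has_group = bool(payload.get("group"))
    has_role = bool(payload.get("role"))
    # Assumption: "one of group or role" is read as exactly one.
    if has_group == has_role:
        errors.append("set exactly one of group or role")
    if payload.get("permission") not in VALID_PERMISSIONS:
        errors.append("permission must be DENY, READ or WRITE")
    obj = payload.get("object")
    rtype = payload.get("resource_type")
    if not obj and not rtype:
        errors.append("set at least one of object or resource_type")
    # Only a global grant (no object) is restricted by the list above.
    if rtype and not obj and rtype in NOT_GLOBAL:
        errors.append(rtype + " is not supported for a global permission")
    return errors


def scope(payload):
    """Classify how wide the grant is, for review before it is sent."""
    if payload.get("object") and payload.get("resource_type"):
        return "children of one object"
    return "single object" if payload.get("object") else "global"
```

Reviewing the scope value before sending makes a global WRITE grant visible as such instead of leaving it to be noticed after the fact.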

group

The name of the admin group this permission applies to.

Type

String.

Create

One of group or role is required.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The group is part of the base object.

object

A reference to a WAPI object, which will be the object this permission applies to.

Type

String.

This field supports nested return fields as described here.

Create

At least one of object or resource_type is required.

Search

The field is available for search via

  • ‘=’ (exact equality)

permission

The type of permission.

Type

String.

Valid values are:
  • DENY
  • READ
  • WRITE

Create

The field is required on creation.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The permission is part of the base object.

resource_type

The type of resource this permission applies to. If ‘object’ is set, the permission applies to child objects of the specified type. For example, if ‘object’ is set to an authoritative zone reference and ‘resource_type’ is set to ‘A’, the permission applies to A resource records within the specified zone.

Type

String.

Valid values are:
  • A
  • AAAA
  • AAA_EXTERNAL_SERVICE
  • ADD_A_RR_WITH_EMPTY_HOSTNAME
  • ALIAS
  • BFD_TEMPLATE
  • BULKHOST
  • CAA
  • CA_CERTIFICATE
  • CLUSTER
  • CNAME
  • CSV_IMPORT_TASK
  • DASHBOARD_TASK
  • DATACOLLECTOR_CLUSTER
  • DEFINED_ACL
  • DELETED_OBJS_INFO_TRACKING
  • DEVICE
  • DHCP_FINGERPRINT
  • DHCP_LEASE_HISTORY
  • DHCP_MAC_FILTER
  • DNAME
  • DNS64_SYNTHESIS_GROUP
  • FILE_DIST_DIRECTORY
  • FIREEYE_PUBLISH_ALERT
  • FIXED_ADDRESS
  • FIXED_ADDRESS_TEMPLATE
  • GRID_AAA_PROPERTIES
  • GRID_ANALYTICS_PROPERTIES
  • GRID_DHCP_PROPERTIES
  • GRID_DNS_PROPERTIES
  • GRID_FILE_DIST_PROPERTIES
  • GRID_REPORTING_PROPERTIES
  • GRID_SECURITY_PROPERTIES
  • HOST
  • HOST_ADDRESS
  • HSM_GROUP
  • IDNS_CERTIFICATE
  • IDNS_GEO_IP
  • IDNS_LBDN
  • IDNS_LBDN_RECORD
  • IDNS_MONITOR
  • IDNS_POOL
  • IDNS_SERVER
  • IDNS_TOPOLOGY
  • IMC_AVP
  • IMC_PROPERTIES
  • IMC_SITE
  • IPV6_DHCP_LEASE_HISTORY
  • IPV6_FIXED_ADDRESS
  • IPV6_FIXED_ADDRESS_TEMPLATE
  • IPV6_HOST_ADDRESS
  • IPV6_NETWORK
  • IPV6_NETWORK_CONTAINER
  • IPV6_NETWORK_TEMPLATE
  • IPV6_RANGE
  • IPV6_RANGE_TEMPLATE
  • IPV6_SHARED_NETWORK
  • IPV6_TEMPLATE
  • KERBEROS_KEY
  • MEMBER
  • MEMBER_ANALYTICS_PROPERTIES
  • MEMBER_CLOUD
  • MEMBER_DHCP_PROPERTIES
  • MEMBER_DNS_PROPERTIES
  • MEMBER_FILE_DIST_PROPERTIES
  • MEMBER_SECURITY_PROPERTIES
  • MSSERVER
  • MS_ADSITES_DOMAIN
  • MS_SUPERSCOPE
  • MX
  • NAPTR
  • NETWORK
  • NETWORK_CONTAINER
  • NETWORK_DISCOVERY
  • NETWORK_TEMPLATE
  • NETWORK_VIEW
  • OCSP_SERVICE
  • OPTION_SPACE
  • PORT_CONTROL
  • PTR
  • RANGE
  • RANGE_TEMPLATE
  • RECLAMATION
  • REPORTING_DASHBOARD
  • REPORTING_SEARCH
  • RESPONSE_POLICY_RULE
  • RESPONSE_POLICY_ZONE
  • RESTART_SERVICE
  • RESTORABLE_OPERATION
  • ROAMING_HOST
  • RULESET
  • SAML_AUTH_SERVICE
  • SCHEDULE_TASK
  • SG_IPV4_NETWORK
  • SG_IPV6_NETWORK
  • SG_NETWORK_VIEW
  • SHARED_A
  • SHARED_AAAA
  • SHARED_CNAME
  • SHARED_MX
  • SHARED_NETWORK
  • SHARED_RECORD_GROUP
  • SHARED_SRV
  • SHARED_TXT
  • SRV
  • SUB_GRID
  • SUB_GRID_NETWORK_VIEW_PARENT
  • SUPER_HOST
  • TEMPLATE
  • TENANT
  • TLSA
  • TXT
  • Unknown
  • VIEW
  • VLAN_OBJECTS
  • VLAN_RANGE
  • VLAN_VIEW
  • ZONE

Create

At least one of object or resource_type is required.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The resource_type is part of the base object.

role

The name of the role this permission applies to.

Type

String.

Create

One of group or role is required.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The role is part of the base object.

Fields List

Field          Type    Req  R/O  Base  Search
group          String  Y*   N    Y     =
object         String  Y*   N    N     =
permission     String  Y    N    Y     =
resource_type  String  Y*   N    Y     =
role           String  Y*   N    Y     =

* Required in some cases, see detailed field description above.