Cisco Prime Network Registrar 8.1 User Guide
Administrators “How to” Section
Administrator Access Control Use Cases
Benefits
Using this approach, the Administrator will gain access to the necessary block but will at the
same time be restricted from accessing other Infrastructure blocks.
7.7.3 Use Case - DNS Administrator
Problem
The customer has administrators who handle only DNS administration, and would like to
assign specific Domains to groups of DNS Administrators.
One group of DNS Administrators controls all domains under “subsidiary1.com” and the
“23.43.in-addr.arpa” reverse domain. Another group controls all domains under
“company.com” and the “43.in-addr.arpa” reverse domain.
Solution
A privileged administrator would create a “functional” role that defines Authorized Functions
limiting the user mainly to DNS-related functions. We’ll call this role “DNS Functional”
as an example. This role has no Containers or Domains specified in its Access Control Lists.
Another role would be created with all Authorized Function check boxes turned off and only
the “subsidiary1.com” and “23.43.in-addr.arpa” domains specified on the Domain Access
Control tab. This role would be called “DNS Domain subsidiary1.com” for example.
Another role would be created with all Authorized Function check boxes turned off and only
the “company.com” and “43.in-addr.arpa” domains specified on the Domain Access Control
tab. This role would be called “DNS Domain company.com” for example.
Finally, one set of Administrators would be created with the Administrator Roles of “DNS
Functional” and “DNS Domain subsidiary1.com”, while the second set would be created
using the roles of “DNS Functional” and “DNS Domain company.com”.
Benefits
• This approach saves the privileged administrator from having to remember to set each
  of the “DNS Domain *” roles with the same Authorized Functions since the “DNS
  Functional” role is shared by all DNS Administrators.
• Following this pattern, if an administrator needed access to both subsidiary1.com and
  company.com as well as the reverse domains, the above roles could easily be added to
  that administrator’s profile and the administrator would immediately gain access to
  these domains.
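The role split in this use case can be modelled and reviewed offline. The following Python sketch is an added example, not code from the product or this guide: it combines a functional role with a domain role and lists domain entries in one role that also fall under an entry in another. It assumes that effective rights are the union of all assigned roles and that a Domain Access Control entry covers every name under it; the function label `edit_dns_record` is hypothetical, and how the product itself treats nested entries is not stated on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    functions: frozenset = frozenset()  # Authorized Functions granted by the role
    domains: frozenset = frozenset()    # Domain Access Control entries

def covers(acl_domain: str, name: str) -> bool:
    """Assumed rule: an entry covers the domain itself and every name under it."""
    acl, n = acl_domain.lower().rstrip("."), name.lower().rstrip(".")
    # Match on a label boundary so 123.43.in-addr.arpa is not taken for 23.43.in-addr.arpa.
    return n == acl or n.endswith("." + acl)

def allowed(roles, function: str, name: str) -> bool:
    """Assumed rule: rights are the union of functions and of domains over all roles."""
    has_function = any(function in r.functions for r in roles)
    has_domain = any(covers(d, name) for r in roles for d in r.domains)
    return has_function and has_domain

def overlaps(role_a: Role, role_b: Role):
    """Return (outer, inner) pairs where an entry of one role also covers an entry of the other."""
    pairs = set()
    for a in role_a.domains:
        for b in role_b.domains:
            if covers(a, b):
                pairs.add((a, b))
            elif covers(b, a):
                pairs.add((b, a))
    return sorted(pairs)

# Roles named in the use case; "edit_dns_record" is a hypothetical function label.
DNS_FUNCTIONAL = Role("DNS Functional", functions=frozenset({"edit_dns_record"}))
DOM_SUB = Role("DNS Domain subsidiary1.com",
               domains=frozenset({"subsidiary1.com", "23.43.in-addr.arpa"}))
DOM_CO = Role("DNS Domain company.com",
              domains=frozenset({"company.com", "43.in-addr.arpa"}))

GROUP_1 = [DNS_FUNCTIONAL, DOM_SUB]  # first set of DNS Administrators
GROUP_2 = [DNS_FUNCTIONAL, DOM_CO]   # second set of DNS Administrators

if __name__ == "__main__":
    print(allowed(GROUP_1, "edit_dns_record", "www.subsidiary1.com"))
    print(allowed(GROUP_1, "edit_dns_record", "www.company.com"))
    # Under the assumed suffix rule, 43.in-addr.arpa also contains 23.43.in-addr.arpa.
    print(overlaps(DOM_SUB, DOM_CO))
```

Under the assumed suffix rule the overlap check reports that “43.in-addr.arpa” contains “23.43.in-addr.arpa”, so a least-privilege review should confirm how the deployed system treats that nested reverse zone.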
7.7.4 Use Case - Third Party Access
Problem
Some organizations, especially ISPs, may wish to allow their customers to have access to Cisco
Prime Network Registrar IPAM in an effort to let them manage their own address blocks or