Cisco Cisco Prime Network Registrar 8.1 Guida Utente
Cisco Prime Network Registrar IPAM 8.1.1 User Guide
192 Administrators “How to” Section
Solution
1. Create a role that specifies the Authorized Functions for this type of administrator, but
specifies no other Access Control Lists or Domain Access. Call this
Regional
Functions
.
2. Create another role that contains no Authorized Functions, but specifies North
America in the Access Control List with full rights (that is, Read, Write, Delete, and
Apply to Children). No other containers are listed in the Access Control List. Call this
Regional North America – Full Access
.
3. Create another role that contains no Authorized Functions, but specifies Europe in the
Access Control List with only Read and Apply to Children access specified. No other
containers are listed in the Access Control List. Call this
Regional Europe – Read
Only
.
4. Create another role that contains no Authorized Functions, but specifies Asia in the
Access Control List with only Read and Apply to Children access specified. No other
containers are listed in the Access Control List. Call this
Regional Asia – Read
Only
.
5. Create one or more Administrators using the combination of these four roles.
Benefits
•
All Regional administrators would be given the same set of Authorized Functions.
And changing this set of Authorized Functions once would propagate to all Regional
Administrators automatically.
•
The Administrators defined with this set of roles would have Full Access to blocks and
containers within North America, and would be able to view all of the blocks and
containers within Europe and Asia but could not modify them.
•
Following this pattern of roles, different types of Administrators could be created
easily with a mix of Full vs. Read Only access rights to each region.
7.7.2 Use Case - Specific Block Access Required
Problem
An administrator who is not to be granted access to a particular block type on a global basis
needs access to a specific block of the denied type.
For instance, the administrator is denied access to blocks of type “Infrastructure”, but needs
For instance, the administrator is denied access to blocks of type “Infrastructure”, but needs
access to the specific block 192.168.2.0/24 in container “Miami”.
Solution
Using one of the roles specified for the given administrator (or create a new role and assign it
to the Administrator), add the Container “Miami” to the Access Control List with only Read
access turned on. Then add the block “192.168.2.0/24” and grant full rights.