Infoblox RBAC / role-based access control
Infoblox uses campus Manifest and SAML for authorization. Authorization for services is based upon membership in a Manifest group, the contents of which are managed by you / your organization. It is your / your organization's responsibility to ensure the correct people are listed in these Manifest groups.
Network Services personnel will create the appropriate Infoblox group and/or roles during the onboarding process for your workgroup.
The following chart provides information regarding how Manifest groups can map to Infoblox roles and objects.
Important: Users need to be in ONE campus Manifest group ONLY for Infoblox access. The reason is that all of a user's groups are presented to Infoblox in a list during the SAML exchange, the ordering of that list is random, and Infoblox only processes the first group presented. For a user in more than one group, results will be very inconsistent across logins.
- There is a 1:1 relationship between Manifest groups and Infoblox groups.
- An Infoblox group can have one or many roles assigned.
- An Infoblox role is applied to one or many objects.
- Objects (e.g. networks, DNS zones) can have one or many roles with varying permission levels, e.g. only A RRs, read-only, etc.
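
One way to check the one-group rule before it causes inconsistent logins, as an added example (not Infoblox or campus tooling). It assumes group membership has already been exported from Manifest into a dictionary; every group, role, user and object name below is constructed. For each user found in more than one group, it lists the access each possible "first group" would grant.

```python
from collections import defaultdict

# Constructed sample data; all names are hypothetical.
# Manifest group -> members (each Manifest group maps 1:1 to an Infoblox group).
MANIFEST_MEMBERS = {
    "dept-a-ib-admin": {"alice", "bob"},
    "dept-a-ib-readonly": {"bob", "carol"},
    "dept-b-ib-dns": {"alice", "dave"},
}
# Infoblox group -> roles (one or many).
GROUP_ROLES = {
    "dept-a-ib-admin": ["dept-a-net-rw", "dept-a-dns-rw"],
    "dept-a-ib-readonly": ["dept-a-ro"],
    "dept-b-ib-dns": ["dept-b-dns-a-only"],
}
# Role -> objects it applies to, with the permission level on each.
ROLE_PERMS = {
    "dept-a-net-rw": {"network 192.0.2.0/24": "read-write"},
    "dept-a-dns-rw": {"zone a.example.edu": "read-write"},
    "dept-a-ro": {"network 192.0.2.0/24": "read-only",
                  "zone a.example.edu": "read-only"},
    "dept-b-dns-a-only": {"zone b.example.edu": "A records only"},
}

def effective_perms(group, group_roles, role_perms):
    """Per-object permissions granted by all roles of one Infoblox group."""
    perms = defaultdict(set)
    for role in group_roles.get(group, []):
        for obj, level in role_perms.get(role, {}).items():
            perms[obj].add(level)
    return {obj: sorted(levels) for obj, levels in perms.items()}

def find_multi_group_users(members):
    """Return {user: sorted groups} for users in more than one group."""
    by_user = defaultdict(list)
    for group, users in members.items():
        for user in users:
            by_user[user].append(group)
    return {u: sorted(g) for u, g in by_user.items() if len(g) > 1}

def audit(members, group_roles, role_perms):
    """For each violating user, map every group they hold to the access it
    would give if it happened to be first in the SAML group list."""
    return {user: {g: effective_perms(g, group_roles, role_perms) for g in groups}
            for user, groups in find_multi_group_users(members).items()}

if __name__ == "__main__":
    for user, outcomes in sorted(audit(MANIFEST_MEMBERS, GROUP_ROLES, ROLE_PERMS).items()):
        print(f"{user}: in {len(outcomes)} groups, login result depends on ordering")
        for group, perms in outcomes.items():
            print(f"  if {group} is first -> {perms}")
```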