Infoblox RBAC
Infoblox uses campus Manifest and SAML for authorization. Authorization for services is based upon membership in a Manifest group, the contents of which are managed by you / your organization. It is your / your organization's responsibility to ensure the correct people are listed in these Manifest groups.
Network Services personnel will create the appropriate Infoblox group and/or roles during the onboarding process for your workgroup.
The following chart provides information regarding how Manifest groups can map to Infoblox roles and objects.
Important: Users need to be in ONE campus Manifest group ONLY for Infoblox access. All of a user's groups are presented to Infoblox during the SAML exchange, in random order, and Infoblox acts only on the first group presented. A user in more than one group can therefore get very inconsistent results across logins.
- There is a 1:1 relationship between Manifest groups and Infoblox groups.
- An Infoblox group can have one or many roles assigned.
- An Infoblox role is applied to one or many objects.
- Objects (e.g. networks, DNS zones) can have one or many roles with varying permission levels, e.g. only A RRs, read-only, etc.
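
The single-group rule and the group, role and object relationships above can be checked against a membership export. The following is an added example, not Infoblox or campus code: it finds users who are in more than one Infoblox-mapped Manifest group and shows what each possible login would be granted. All group, role, object and user names are hypothetical, and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data; group, role, object and user names are hypothetical.
MANIFEST_MEMBERS = {                      # Manifest group -> members
    "example-dns-admins": {"alice", "bob"},
    "example-dns-readonly": {"bob", "carol"},
    "example-vpn-users": {"alice", "carol"},   # not mapped to Infoblox
}
INFOBLOX_GROUP = {                        # 1:1 Manifest group -> Infoblox group
    "example-dns-admins": "ib-dns-admins",
    "example-dns-readonly": "ib-dns-readonly",
}
GROUP_ROLES = {                           # Infoblox group -> one or many roles
    "ib-dns-admins": ["zone-rw", "network-ro"],
    "ib-dns-readonly": ["zone-ro"],
}
ROLE_OBJECTS = {                          # role -> {object: permission}
    "zone-rw": {"zone:example.test": "read-write"},
    "zone-ro": {"zone:example.test": "read-only"},
    "network-ro": {"network:192.0.2.0/24": "read-only"},
}

def effective_permissions(manifest_group):
    """Permissions a login gets if Infoblox acts on this one group."""
    perms = defaultdict(set)
    for role in GROUP_ROLES[INFOBLOX_GROUP[manifest_group]]:
        for obj, perm in ROLE_OBJECTS[role].items():
            perms[obj].add(perm)
    return {obj: frozenset(p) for obj, p in perms.items()}

def audit(members):
    """Users in more than one Infoblox-mapped group -> outcome per group."""
    by_user = defaultdict(set)
    for group, users in members.items():
        if group in INFOBLOX_GROUP:       # ignore groups Infoblox does not use
            for user in users:
                by_user[user].add(group)
    return {u: {g: effective_permissions(g) for g in sorted(gs)}
            for u, gs in by_user.items() if len(gs) > 1}

def is_inconsistent(outcomes):
    """True when the possible logins would not all get the same permissions."""
    return len({frozenset(p.items()) for p in outcomes.values()}) > 1

if __name__ == "__main__":
    for user, outcomes in sorted(audit(MANIFEST_MEMBERS).items()):
        print(user, "inconsistent" if is_inconsistent(outcomes) else "same", list(outcomes))
```

Any user the audit returns violates the one-group rule; `is_inconsistent` separates the cases where the random ordering would actually change what the user can do.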