General roles* are the default role type, whose permissions are automatically applied (if applicable) to all objects in Micetro, present and future.
To create a General role, follow the instructions on Roles, and select the General type from the dropdown in the role creation dialog. (The default type is General.)
Example: The general role DNS editor has the
Edit zone options permission enabled. Any ‘DNS zone’ type object in Micetro, whether already existing or added in the future, will be accessible to users/groups attached to this role.
Micetro has seven built-in general roles that will likely cover most use cases for access control.
The built-in roles are the following:
Full access to all objects
- DNS Administrators
Full access to DNS objects, including zones, DNS servers, etc.
- DHCP Administrators
Full access to DHCP objects, including scopes, DHCP servers, etc.
- IPAM Administrators
Full access to IPAM objects, including IPAM ranges, etc.
- User Administrators
Full access to User and Group objects.
- DNS viewers
Can view DNS objects and information, but not make changes.
- IPAM viewers
Can view IPAM and DHCP objects and information, but not make changes.
Able to make and queue DNS change requests. (See Workflow Management.)
Able to see and approve/deny submitted DNS change requests. (See Workflow Management.)
Built-in roles cannot be deleted.
Permissions for built-in roles cannot be modified.
General roles can be restricted from accessing single objects. See Object access.