3.1.1.1.36.1 Data Model
The table in this section references the following properties of operations that can be performed in IPAM.
OperationId: This is an element of type OperationId and is the identifier for the corresponding operation.
OperationName: This is the name of the operation.
OperationGroupId: This refers to an element of type OperationGroup to which the operation belongs. Operation Groups are described in ADM_AdminOperationGroupsTable.
IsAdminRoleOnlyOperation: Specifies if the specified operation is allowed only for Admin users. If this is TRUE, then the operation is allowed only for users who are part of security groups specified in the column NonRBACAdminAccessRequirement.
IsNonRBACOperation: If this is set to TRUE, it specifies that the operation is not a role-based access control operation and the permission to perform the operation is allowed only for users who are part of security groups specified in the column NonRBACAdminAccessRequirement.
IsAccessScopeAgnosticOperation: If this is set to TRUE, it specifies that while performing the validation checks for performing the operation, AccessScope of the object is not taken into consideration.
NonRBACAdminAccessRequirement: This column specifies the credentials that are required by the user to perform a specific operation. This is a collection of SIDs (specified in [MS-DTYP] section 2.4.2). The user MUST be member of the appropriate security groups as specified in ADM_IPAMSecurityGroups. The following groupings are used to simplify the representation:
Local Administrator: This represents the Local Administrator Security Group of the machine hosting the IPAM Server.
All Readers: A user can be a member of any of the following security groups: IPAM Users, IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, Local Administrator.
All Admins: A user can be a member of any of the following security groups: IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, Local Administrator.
Built-in Operations
The following table contains the details of the built-in operations that are defined in the IPAM server. This list of groups is predefined and read only.
|
OperationId |
Operation Name |
OperationGroupId |
IsAdminRoleOnlyOperation |
IsNonRBACOperation |
IsAccessScopeAgnosticOperation |
NonRBACAdminAccessRequirement |
|---|---|---|---|---|---|---|
|
AddressSpaceCreate |
Create IP address space |
AddressSpaceOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSpaceDelete |
Delete IP address space |
AddressSpaceOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSpaceEdit |
Edit IP address space |
AddressSpaceOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSubnetCreate |
Create IP address subnet |
AddressSubnetOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSubnetDelete |
Delete IP address subnet |
AddressSubnetOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSubnetEdit |
Edit IP address subnet |
AddressSubnetOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddressSubnetRemapToBlock |
Remap IP address subnet to IP address block |
AddressSubnetOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
AddServer |
Add server |
ServerInventoryOperations |
FALSE |
TRUE |
TRUE |
All Admins / Audit admins |
|
AutogenerateSecretKey |
Autogenerate secret key |
SecretKeyOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins |
|
ConnectToAnotherDatabase |
Connect to database |
GenericOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
CreateAccessPolicy |
Create access policy |
AccessPolicyOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
CreateAccessScope |
Create access scope |
AccessScopeOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
CreateAddressBlock |
Create IP address block |
AddressBlockOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
CreateAddressRange |
Create IP address range |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
CreateCustomField |
Create custom field |
CustomFieldOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
CreateIPAddress |
Create IP address |
AddressOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
CreateLogicalGroup |
Create logical group |
LogicalGroupOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
CreateUserRole |
Create role |
UserRoleOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
DeleteAccessPolicy |
Delete access policy |
AccessPolicyOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
DeleteAccessScope |
Delete access scope |
AccessScopeOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
DeleteAddressBlock |
Delete IP address block |
AddressBlockOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
DeleteAddressRange |
Delete IP address range |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
DeleteCustomField |
Delete custom field |
CustomFieldOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
DeleteDiscoveryConfig |
Delete discovery configuration |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
All Admins |
|
DeleteIPAddress |
Delete IP address |
AddressOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
DeleteLogicalGroup |
Delete logical group |
LogicalGroupOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
DeleteServer |
Delete server |
ServerInventoryOperations |
FALSE |
TRUE |
TRUE |
All Admins / Audit admins |
|
DeleteUserRole |
Delete role |
UserRoleOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
EditCustomField |
Edit custom field |
CustomFieldOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
GenerateUpgradeValidationFailureLog |
GenerateUpgradeValidationFailureLog |
GenericOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
GenericRead |
Read data |
GenericOperations |
FALSE |
TRUE |
TRUE |
All Readers |
|
HostGroupCreate |
Create host group |
HostGroupOperations |
FALSE |
FALSE |
TRUE |
IPAM ASM Administrators |
|
HostGroupDelete |
Delete host group |
HostGroupOperations |
FALSE |
FALSE |
TRUE |
IPAM ASM Administrators |
|
IPAddressAudit |
IP address audit query |
AuditOperations |
FALSE |
TRUE |
TRUE |
IPAudit Admins |
|
MACAddressPoolCreate |
Create MAC address pool |
MACAddressPoolOperations |
FALSE |
FALSE |
TRUE |
IPAM ASM Administrators |
|
MACAddressPoolDelete |
Delete MAC address pool |
MACAddressPoolOperations |
FALSE |
FALSE |
TRUE |
IPAM ASM Administrators |
|
MACAddressPoolEdit |
Edit MAC address pool |
MACAddressPoolOperations |
FALSE |
FALSE |
TRUE |
IPAM ASM Administrators |
|
ManageCustomFieldValues |
Add, update and delete custom field values |
CustomFieldOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
MapAddressRangeToAddressBlock |
Remap IP address range to IP address block |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MapIPRangeToReverseLookupZone |
MAP ip Range to a reverse lookup zone |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
MoveDatabase |
Move Database |
GenericOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
MsmDhcpActivateScope |
Activate DHCP scope |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpConfigurePredefinedOptions |
Configure predefined DHCP options |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpConfigureUserClass |
Configure DHCP user class |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpConfigureVendorClass |
Configure DHCP vendor class |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpCreateFailover |
Create DHCP failover relationship |
DhcpFailoverOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpCreateScope |
Create DHCP scope |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpCreateScopePolicy |
Configure DHCP scope policy |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpCreateServerPolicy |
Configure DHCP server policy |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpCreateSuperscope |
Create DHCP superscope |
DhcpSuperscopeOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpDeleteFailover |
Delete DHCP failover relationship |
DhcpFailoverOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpDeleteScope |
Delete DHCP scope |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpDeleteScopePolicy |
Delete DHCP scope policy |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpDeleteServerPolicy |
Delete DHCP server policy |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpDeleteSuperscope |
Delete DHCP superscope |
DhcpSuperscopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpEditFailover |
Edit DHCP failover relationship |
DhcpFailoverOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpEditScope |
Edit DHCP scope |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpEditScopeOptions |
Edit DHCP scope options |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpEditScopePolicy |
Edit DHCP scope policy |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpEditServerOptions |
Edit DHCP server options |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpEditServerPolicy |
Edit DHCP server policy |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAM MSM Administrators |
|
MsmDhcpEditServerProperties |
Edit DHCP server properties |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpEditSuperscope |
Edit DHCP superscope |
DhcpSuperscopeOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpFilterOperation |
Manage DHCP MAC filter operations |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDhcpReplicateOperation |
Replicate DHCP failover relationship (access scope agnostic operation) |
DhcpFailoverOperations |
FALSE |
FALSE |
TRUE |
MSM Admins |
|
MsmDhcpScopeCreateOrEditAddressReservation |
Create or edit DHCP reservation |
DhcpScopeReservationOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDhcpScopeDeleteAddressReservation |
Delete DHCP reservation |
DhcpScopeReservationOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDhcpScopeEditAddressReservation |
Edit DHCP reservation |
DhcpScopeReservationOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDnsCreateResourceRecord |
Create DNS resource records |
DnsRecordOperations |
FALSE |
FALSE |
FALSE |
IPAM ASM Administrators / IPAM MSM Administrators |
|
MsmDnsDeleteResourceRecord |
Delete DNS resource records |
DnsRecordOperations |
FALSE |
FALSE |
FALSE |
IPAM ASM Administrators / IPAM MSM Administrators |
|
MsmDnsCreateHostARecord |
Create DNS A resource records |
ARecordOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDnsCreateNameServersRecord |
Create DNS Name Server resource records |
NSRecordOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDnsCreatePointerRecord |
Create DNS PTR resource records |
PTRRecordOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDnsDeleteHostARecord |
Delete DNS A resource records |
ARecordOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDnsDeleteNameServersRecord |
Delete DNS Name Server resource records |
NSRecordOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDnsDeletePointerRecord |
Delete DNS PTR resource records |
PTRRecordOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
MsmDnsEditHostARecord |
Edit DNS A resource records |
ARecordOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
MsmDnsResetZoneStatus |
Reset DNS zone status |
DnsZoneOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins / MSM Admins |
|
MsmDnsSetPreferredServerForZone |
Set preferred DNS server for zone |
DnsZoneOperations |
FALSE |
FALSE |
FALSE |
MSM Admins |
|
ProvisionServer |
Provision IPAM server |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
LocalAdministrator |
|
PurgeAuditData |
Purge audit data |
AuditOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins |
|
ReadSecretKey |
Retrieve secret key |
SecretKeyOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins |
|
RecomputeHashUsingStoredSecretKey |
Recompute Hash |
SecretKeyOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins |
|
RetrieveDatabaseConfiguration |
Retrieve current database configuration |
GenericOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LoalAdministrator |
|
SaveDiscoveryConfig |
Save discovery configuration |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
All Admins |
|
SchemaConversion |
Schema conversion of IPAM server |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
LocalAdministrator |
|
SetAddressBlockAccessScope |
Set access scope on IP address block |
AddressBlockOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetAddressRangeAccessScope |
Set access scope on IP address range |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetAddressSpaceAccessScope |
Set access scope on IP address space |
AddressSpaceOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetAddressSubnetAccessScope |
Set access scope on IP address subnet |
AddressSubnetOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetCommonPropertyValue |
Set global configuration state |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
All Admins |
|
SetMsmDhcpScopeAccessScope |
Set access scope on DHCP scope |
DhcpScopeOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetMsmDhcpServerAccessScope |
Set access scope on DHCP server |
DhcpServerOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetMsmDhcpSuperscopeAccessScope |
Set access scope on DHCP superscope |
DhcpSuperscopeOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetMsmDnsResourceRecordAccessScope |
Set access scope on DNS resource record |
DnsRecordOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
SetMsmDnsZoneAccessScope |
Set access scope on DNS zone |
DnsZoneOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
TaskStart |
Start IPAM task |
TaskOperations |
FALSE |
TRUE |
TRUE |
All Admins |
|
UpdateAccessPolicy |
Edit access policy |
AccessPolicyOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
UpdateAccessScope |
Edit access scope |
AccessScopeOperations |
TRUE |
FALSE |
FALSE |
IPAMAdmins / LocalAdministrator |
|
UpdateAddressBlock |
Edit IP address bloc |
AddressBlockOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
UpdateDiscoveryConfig |
Edit discovery configuration |
GlobalConfigurationOperations |
FALSE |
TRUE |
TRUE |
All Admins |
|
UpdateIPAddress |
Edit IP address |
AddressOperations |
FALSE |
FALSE |
FALSE |
ASM Admins |
|
UpdateIPAddressRange |
Edit IP address range |
AddressRangeOperations |
FALSE |
FALSE |
FALSE |
ASM Admins / MSM Admins |
|
UpdateLogicalGroup |
Edit logical group |
LogicalGroupOperations |
FALSE |
FALSE |
TRUE |
All Admins |
|
UpdateSecretKey |
Edit secret key |
SecretKeyOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins |
|
UpdateServer |
Edit server |
ServerInventoryOperations |
FALSE |
TRUE |
TRUE |
All Admins / IPAM Audit Admin |
|
UpdateUserRole |
Edit role |
UserRoleOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
ValidateIfUpgradeIsPossible |
ValidateIfUpgradeIsPossible |
GenericOperations |
TRUE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |
|
SetMsmDnsServerAccessScope |
Set access scope on DNS server |
DnsServerOperations |
FALSE |
FALSE |
FALSE |
IPAMAdmins |
|
PurgeUtilizationData |
Purge Utilization data |
AddressOperations |
FALSE |
TRUE |
TRUE |
IPAMAdmins / LocalAdministrator |